General
-
Target
c661889324829954d76288b53082f0fb1d3db9b9c47c0716dc962d856454e7d3
-
Size
65KB
-
Sample
201110-f1w43322rs
-
MD5
0428f920678d3b6e7b5b99bacf71f0ef
-
SHA1
b15e732a4b124e73182df89034414d96aeda3369
-
SHA256
c661889324829954d76288b53082f0fb1d3db9b9c47c0716dc962d856454e7d3
-
SHA512
19b02d2aa3c67a711ce82a1ae010f8bceea37900c1d36b2674420e04c739e7bab35af77e3fd366c405b21b81c84716f6acc5922092d716995fe137133e59811a
Static task
static1
Behavioral task
behavioral1
Sample
c661889324829954d76288b53082f0fb1d3db9b9c47c0716dc962d856454e7d3.exe
Resource
win7v20201028
Malware Config
Targets
-
Target
c661889324829954d76288b53082f0fb1d3db9b9c47c0716dc962d856454e7d3
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext