General
Target: cb2447fa5d55beecb9b522ea0215bbc4f5c3add1fbf4fb257f19a6cb8c5f15fc
Size: 235KB
Sample: 201112-g767hbwbr2
MD5: e83a8ae8d2c31660fda61ed9502bd49a
SHA1: 7aa1df0db8c5d327ab7aa914798e625c3902ae7b
SHA256: cb2447fa5d55beecb9b522ea0215bbc4f5c3add1fbf4fb257f19a6cb8c5f15fc
SHA512: e8054cacec20d66bbb7e0efa132c5ba93b75f4dc0684fca138b74229b34d5a58e027eeeb4ac20c105ebaa8bedad08c336f364d603a4f094d22777bdf9bdc88a6
Static task: static1
Behavioral task: behavioral1
  Sample: cb2447fa5d55beecb9b522ea0215bbc4f5c3add1fbf4fb257f19a6cb8c5f15fc.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: cb2447fa5d55beecb9b522ea0215bbc4f5c3add1fbf4fb257f19a6cb8c5f15fc.exe
  Resource: win10v20201028
Malware Config
Targets
Target: cb2447fa5d55beecb9b522ea0215bbc4f5c3add1fbf4fb257f19a6cb8c5f15fc
Score: 9/10
- ServiceHost packer: Detects ServiceHost packer used for .NET malware
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials, etc.
- Adds Run key to start application
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext