General
-
Target
526b68a0be26a2bce634d4c37a025eca01d051e4ae0df350fa384541ebbe09c5
-
Size
2.0MB
-
Sample
201113-pxexg5xfze
-
MD5
fc91265d814957f8963ca2ff8de8b689
-
SHA1
18ce51ccfff15e04b958f95fd1ee3c82cdb2784f
-
SHA256
526b68a0be26a2bce634d4c37a025eca01d051e4ae0df350fa384541ebbe09c5
-
SHA512
5044b473116881cbf0c74a9758b1dbd88cd273d2a928ebac57a0d3a828ece13bdda8448e33b28c54caa0d44bdd3a5ab2ba2b44c09fd3bf6f6383689caf73286a
Static task
static1
Behavioral task
behavioral1
Sample
526b68a0be26a2bce634d4c37a025eca01d051e4ae0df350fa384541ebbe09c5.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
526b68a0be26a2bce634d4c37a025eca01d051e4ae0df350fa384541ebbe09c5
-
Echelon log file
Detects a log file produced by Echelon.
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-