General
Target: api.exe
Size: 22.9MB
Sample: 201118-55lnpg8fkn
MD5: 3561a1c35184a0b60b89f4b560a9660d
SHA1: e39442388db90a088a8eb8ce46d4f61182334a1b
SHA256: 3f1e28e961239c01602b1ce7555f51778c9f369b059ef07b75a7d9dee70ff8b1
SHA512: 7a83a669e8a72d6ec83952c9d57cc8059a6fff6f3564dab69ad50ca939a7d8e3f3d7d9ed74f8d06d060a39f8c4525fcfdcdecf2550c6fe57da0bef3df1f5ee75
Static task: static1
Behavioral task: behavioral1
Sample: api.exe
Resource: win10v20201028
Malware Config
Targets
Target: api.exe
Score: 8/10
- Drops file in Drivers directory
- Sets service image path in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Modifies service