SecuriteInfo.com.BehavesLike.Win32.Generic.rc.24109

General

Target: SecuriteInfo.com.BehavesLike.Win32.Generic.rc.24109
Size: 4MB
Sample: 201120-myarj5ghzj
Score: 8/10
MD5: 2b850328e045c89a396af20bb10efe99
SHA1: 277ac714f14b916fc1c6e8f45b9e8201cbb6c3e5
SHA256: 20d4f5c1aeb9db0c7be6a5c2c88216412225e8419d4374a0e50c92d81c5e67fc
SHA512: 0820697c24d729d6bdc227a6fa2fd6993265fc736daba86427eb9acb635cc8aba6b3a517384fe42ede40da2b1a1474c1273da3306309bbd724b9f38683b01450

Malware Config

Targets

Target: SecuriteInfo.com.BehavesLike.Win32.Generic.rc.24109
MD5: 2b850328e045c89a396af20bb10efe99
Filesize: 4MB
Score: 8/10
SHA1: 277ac714f14b916fc1c6e8f45b9e8201cbb6c3e5
SHA256: 20d4f5c1aeb9db0c7be6a5c2c88216412225e8419d4374a0e50c92d81c5e67fc
SHA512: 0820697c24d729d6bdc227a6fa2fd6993265fc736daba86427eb9acb635cc8aba6b3a517384fe42ede40da2b1a1474c1273da3306309bbd724b9f38683b01450

Tags

Signatures

  • Blacklisted process makes network request
  • Deletes itself
  • Loads dropped DLL
  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials, cookies and form data.
    TTPs: Data from Local System; Credentials in Files
  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry
  • Drops desktop.ini file(s)
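The three behavioural signatures above that the report explains (Uninstall-key enumeration, browser profile reads, self-deletion) can each be expressed as a rule over the events a sandbox records. The following is an added example of such a matcher, written for this page; it is not the sandbox's own rule engine, and the event shape, the sample's image path and the file paths in the constructed events are assumptions.

```python
"""Added example: match three behavioural signatures over constructed sandbox events."""
import re

# Assumed image path of the analysed sample (not taken from the report).
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"

# Constructed sample events, loosely modelled on what a sandbox logs.
EVENTS = [
    {"pid": 1234, "image": SAMPLE_PATH, "type": "registry_query",
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"},
    {"pid": 1234, "image": SAMPLE_PATH, "type": "registry_query",
     "target": r"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"pid": 1234, "image": SAMPLE_PATH, "type": "file_read",
     "target": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 1234, "image": SAMPLE_PATH, "type": "file_read",
     "target": r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default\logins.json"},
    {"pid": 1234, "image": SAMPLE_PATH, "type": "file_read",
     "target": r"C:\Users\Admin\Documents\notes.txt"},          # benign read, must not fire
    {"pid": 1234, "image": SAMPLE_PATH, "type": "process_create",
     "target": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'cmd.exe /c ping 127.0.0.1 -n 3 & del "' + SAMPLE_PATH + '"'},
]

# Software enumeration: any query under the Uninstall key (native or WOW6432Node view).
UNINSTALL_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)

# Browser credential / profile stores for Chromium-based browsers and Firefox.
BROWSER_DATA = re.compile(
    r"(\\Google\\Chrome\\User Data\\.*\\(Login Data|Web Data|Cookies|History)$"
    r"|\\Microsoft\\Edge\\User Data\\.*\\(Login Data|Web Data|Cookies|History)$"
    r"|\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$)",
    re.IGNORECASE)

# ATT&CK labels as the report prints them, per signature.
TTPS = {
    "Checks installed software on the system": ["Query Registry"],
    "Reads user/profile data of web browsers": ["Data from Local System", "Credentials in Files"],
    "Deletes itself": [],
}


def match_signatures(events):
    """Return {signature_name: [evidence, ...]} for every signature that fires."""
    hits = {}

    def add(name, evidence):
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        target = ev.get("target", "")
        if ev["type"] == "registry_query" and UNINSTALL_KEY.search(target):
            add("Checks installed software on the system", target)
        elif ev["type"] == "file_read" and BROWSER_DATA.search(target):
            add("Reads user/profile data of web browsers", target)
        elif ev["type"] == "process_create":
            # Self-deletion: the sample spawns a shell whose command line deletes
            # the sample's own image file (the delayed "ping & del" pattern).
            cmd = ev.get("cmdline", "")
            if re.search(r"\bdel\b", cmd, re.IGNORECASE) and ev["image"].lower() in cmd.lower():
                add("Deletes itself", cmd)
    return hits


def report(events):
    """Render the hits in the same shape as the report's Signatures list."""
    lines = []
    for name, evidence in match_signatures(events).items():
        lines.append(f"  - {name}")
        if TTPS.get(name):
            lines.append("    TTPs: " + "; ".join(TTPS[name]))
        for e in evidence:
            lines.append(f"    evidence: {e}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(EVENTS))
```

The benign `notes.txt` read is included so the browser rule is shown to key on specific profile stores rather than on any file under the user's profile; the self-deletion rule is deliberately tied to the spawning process's own image path, since a generic `del` would fire on ordinary cleanup.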

Related Tasks

MITRE ATT&CK Matrix

Tactics: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1: 8/10
behavioral2: 8/10