General
Target: obi.exe
Size: 216KB
Sample: 201122-az3r93j1wn
MD5: ba952388e4c1852e3c0652ad22edb96c
SHA1: bb99c2ee45f211cb912825a39be8c1f9e2b66f56
SHA256: e5662c40e472ff15127b5466170ee7e235daab610c4a897a3ecffc50fa716c14
SHA512: 74049c83eaabb48a15043e0cbaaa52bbfb5aded7cd85d7baa39b64a094ea41e151199882e7f3282f83441898214b6e37fd254358043f2e95a312eb57a89621a7

Static task: static1
Behavioral task: behavioral1
Sample: obi.exe
Resource: win10v20201028

Malware Config
Targets
Target: obi.exe
Score: 7/10

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.