General
-
Target
zergb.exe
-
Size
808KB
-
Sample
201126-7ahx13f5r6
-
MD5
d3dee81cd147380fc01723cd3acb0cee
-
SHA1
b26c8f5eca80140a68665447bd2a463feb38cfa5
-
SHA256
63c4e17fa9b6d87a9f4b68b854cae50e95f8de2a86929fecb8f34af0d15798e7
-
SHA512
ad500e7070b17275312d58cca71618ef18a94efc9dd34a8933945cd1c09b67485dc22bf26f342bdc0e35449790600193f0b4ebd72c10a2aea37cd67ffad29bb8
Static task
static1
Behavioral task
behavioral1
Sample
zergb.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
zergb.exe
-
Size
808KB
-
MD5
d3dee81cd147380fc01723cd3acb0cee
-
SHA1
b26c8f5eca80140a68665447bd2a463feb38cfa5
-
SHA256
63c4e17fa9b6d87a9f4b68b854cae50e95f8de2a86929fecb8f34af0d15798e7
-
SHA512
ad500e7070b17275312d58cca71618ef18a94efc9dd34a8933945cd1c09b67485dc22bf26f342bdc0e35449790600193f0b4ebd72c10a2aea37cd67ffad29bb8
-
Deletes itself
-
Loads dropped DLL
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-