General
-
Target
adbd62b6b21d1749322122d27399495f38c80297bc5f0a7be12fc6bfa7173a8b.bin.sample.gz
-
Size
1.5MB
-
Sample
201204-cbea7eklfs
-
MD5
26137c53e61c6372546ab028dd63e9cb
-
SHA1
9a878035214d11d13b7b3cc44e6513d75446c701
-
SHA256
576167ecd1c0080caa550fdaaa5f8a7c9fc37441460d7c9095960291ad2a3882
-
SHA512
2154fef2605df601105f23f85479f1b03fde4517552c0fb78e4cfbaebbc25d1af8418300a32dc46e0ca25c458e54f884667cf0489b3f600fbf8fbafb502e18fc
Static task
static1
Behavioral task
behavioral1
Sample
sample.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
sample.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
sample
-
Size
1.5MB
-
MD5
9a4be46355a7848f5e4d545e14905e25
-
SHA1
0ded8998c4f07c40f39fd0567d196c1fc7393960
-
SHA256
adbd62b6b21d1749322122d27399495f38c80297bc5f0a7be12fc6bfa7173a8b
-
SHA512
abfecf1404d614cbc5049b97c94f229abf8a02e92107c220ac95bea65c20dcbe958032faa7194ec7551472710abe803d2389e300fb6eab1773754bb2288c68f5
Score8/10-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-