General

Target: a0fc8bd4c1de12ee61db0ebe6ef4b0b4bb027916ddf315142bf2b54853c875e8.zip
Size: 169KB
Sample: 201204-nkbxabrk7s
MD5: 1ffc0d9b7a67914594f0d39dcd4e7ec6
SHA1: c0d6658e8c513c7b4c32f77c6e04e13a76cde572
SHA256: bc9ec005f940fdac5ef1a734e79cff436c610e7e2f76cf96a4bb97f79934602f
SHA512: b7be66cbff78481de7bca1042baad13da58417a8f26eabb80eca280fcfc6dbcf6c11e74000247ad3d38a39d06161c1bdd1ed568b9c80a29f3944df41580ecab4
Static task: static1

Behavioral task: behavioral1
Sample: a0fc8bd4c1de12ee61db0ebe6ef4b0b4bb027916ddf315142bf2b54853c875e8.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: a0fc8bd4c1de12ee61db0ebe6ef4b0b4bb027916ddf315142bf2b54853c875e8.exe
Resource: win10v20201028
Malware Config

Targets

Target: a0fc8bd4c1de12ee61db0ebe6ef4b0b4bb027916ddf315142bf2b54853c875e8
Size: 236KB
MD5: f9408e1696237a0c8fcf6f7aa8c9e8c0
SHA1: d0385a0131482424bdc1d9b358ee434de37ca8ce
SHA256: a0fc8bd4c1de12ee61db0ebe6ef4b0b4bb027916ddf315142bf2b54853c875e8
SHA512: c927874a8f6b65e2d0bf00a03702c08805d3f9e2d7aaa927c407f9c231592c5c12e854dcc887aeef40d35db2f04716f873aec74f772f99ef1dbb0f2d85b11f52
Score: 7/10

Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers often target it.

Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.

Adds Run key to start application
  Creates a value under the Run registry key (Software\Microsoft\Windows\CurrentVersion\Run under HKCU or HKLM), which starts the application at user logon; a common persistence mechanism.

Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext
  SetThreadContext rewrites a thread's register state, including its instruction pointer; outside a debugger it is a typical step in code-injection and process-hollowing techniques.
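The signatures above are behavioural matches the sandbox produced from file, registry, network and API events. The following is an added example (not the sandbox's own rule engine and not data from this sample) showing how such events can be mapped onto the same six signature names. The event records, the indicator lists (well-known FileZilla, Thunderbird and Chrome profile paths, common IP-lookup hostnames) and the cross-process heuristic for SetThreadContext are all constructed assumptions for the example; it generalises slightly beyond the page by also matching WinSCP, Firefox and Edge locations.

```python
"""Map sandbox-style events onto the behavioural signatures listed above.

Added example: the events and indicator lists are constructed for
illustration and were not taken from this sample or from the sandbox.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Well-known on-disk locations (matched case-insensitively as substrings of
# the full path). Assumed indicator lists, not observations from this sample.
FTP_CLIENT_FILES = (
    r"\filezilla\recentservers.xml",
    r"\filezilla\sitemanager.xml",
    r"\winscp.ini",
)
EMAIL_CLIENT_FILES = (
    r"\thunderbird\profiles",
    r"\microsoft\outlook",
)
BROWSER_FILES = (
    r"\google\chrome\user data\default\login data",
    r"\mozilla\firefox\profiles",   # logins.json / key4.db live here
    r"\microsoft\edge\user data\default\login data",
)
IP_LOOKUP_HOSTS = ("api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io")

# HKCU or HKLM ...\CurrentVersion\Run (optionally via Wow6432Node); RunOnce is
# deliberately not matched so the rule stays aligned with the signature name.
RUN_KEY_RE = re.compile(
    r"^HK(?:CU|LM|EY_CURRENT_USER|EY_LOCAL_MACHINE)\\Software\\(?:Wow6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Run(?:\\|$)",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Event:
    kind: str                 # "file_read" | "reg_set" | "dns" | "api_call"
    target: str               # path, registry key, hostname or API name
    pid: int = 0              # acting process
    target_pid: int | None = None  # for api_call: process owning the thread


def _path_hits(target: str, needles: tuple[str, ...]) -> bool:
    t = target.lower()
    return any(n in t for n in needles)


def classify(event: Event) -> str | None:
    """Return the signature name an event contributes to, or None."""
    if event.kind == "file_read":
        if _path_hits(event.target, FTP_CLIENT_FILES):
            return "Reads data files stored by FTP clients"
        if _path_hits(event.target, EMAIL_CLIENT_FILES):
            return "Reads user/profile data of local email clients"
        if _path_hits(event.target, BROWSER_FILES):
            return "Reads user/profile data of web browsers"
    elif event.kind == "reg_set" and RUN_KEY_RE.match(event.target):
        return "Adds Run key to start application"
    elif event.kind == "dns" and event.target.lower() in IP_LOOKUP_HOSTS:
        return "Looks up external IP address via web service"
    elif event.kind == "api_call" and event.target == "SetThreadContext":
        # Heuristic of this example: only cross-process use is flagged, so a
        # debugger setting context on its own threads does not fire.
        if event.target_pid is not None and event.target_pid != event.pid:
            return "Suspicious use of SetThreadContext"
    return None


def detect(events) -> dict[str, list[Event]]:
    """Group events by the signature they trigger; untriggered names are absent."""
    hits: dict[str, list[Event]] = {}
    for ev in events:
        sig = classify(ev)
        if sig:
            hits.setdefault(sig, []).append(ev)
    return hits


# Constructed event trace: six true positives plus noise that must not fire.
SAMPLE_EVENTS = [
    Event("file_read", r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml", pid=1234),
    Event("file_read", r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abc.default\logins.json", pid=1234),
    Event("file_read", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data", pid=1234),
    Event("reg_set", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater", pid=1234),
    Event("dns", "api.ipify.org", pid=1234),
    Event("api_call", "SetThreadContext", pid=1234, target_pid=4321),
    Event("file_read", r"C:\Windows\System32\kernel32.dll", pid=1234),        # benign
    Event("dns", "www.microsoft.com", pid=1234),                               # benign
    Event("api_call", "SetThreadContext", pid=5555, target_pid=5555),          # debugger-like, same process
]

if __name__ == "__main__":
    for sig, evs in detect(SAMPLE_EVENTS).items():
        print(f"{sig}: {len(evs)} event(s)")
```

Substring matching on lowercased paths is intentionally loose so that per-user profile directories do not need to be known in advance; the trade-off is that any read under a matched directory fires, which is acceptable for a triage signal but would need tightening for an alerting rule.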