c5594905b696c5a3eb11b662f5d0e158bc95cab02c0fe4eb6c20601fa1ba3a81 | Triage

Submit
Reports

Overview

overview

9

Static

static

SecuriteIn...00.exe

windows7_x64

9

SecuriteIn...00.exe

windows10_x64

9

Sharing

General

Target

SecuriteInfo.com.Trojan.InjectNET.14.12461.26500
Size

837KB
Sample

201204-pw6vkasd8j
MD5

7c92c8463015b846cbe9e0fc155ab1d4
SHA1

d467fd2abf612d2589c65ea3de4e9fe9b875b6e4
SHA256

c5594905b696c5a3eb11b662f5d0e158bc95cab02c0fe4eb6c20601fa1ba3a81
SHA512

354579c2afb30c60737844eb26d81ac35f1fc4abb571ef69eb30e5b9d5ccb40bf813cfc8da7e7d7589efaca25d0d10bb520bb8fa30e90fc9d44ca3debd5d18ca

Score

9^/10

evasion spyware

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Trojan.InjectNET.14.12461.26500.exe

Resource

win7v20201028

evasion spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Trojan.InjectNET.14.12461.26500.exe

Resource

win10v20201028

evasion spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Trojan.InjectNET.14.12461.26500
- Size
  
  837KB
- MD5
  
  7c92c8463015b846cbe9e0fc155ab1d4
- SHA1
  
  d467fd2abf612d2589c65ea3de4e9fe9b875b6e4
- SHA256
  
  c5594905b696c5a3eb11b662f5d0e158bc95cab02c0fe4eb6c20601fa1ba3a81
- SHA512
  
  354579c2afb30c60737844eb26d81ac35f1fc4abb571ef69eb30e5b9d5ccb40bf813cfc8da7e7d7589efaca25d0d10bb520bb8fa30e90fc9d44ca3debd5d18ca
Score

9^/10

evasion spyware
- Looks for VirtualBox Guest Additions in registry
  evasion
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy