General
-
Target
SecuriteInfo.com.Trojan.InjectNET.14.12461.26500
-
Size
837KB
-
Sample
201204-pw6vkasd8j
-
MD5
7c92c8463015b846cbe9e0fc155ab1d4
-
SHA1
d467fd2abf612d2589c65ea3de4e9fe9b875b6e4
-
SHA256
c5594905b696c5a3eb11b662f5d0e158bc95cab02c0fe4eb6c20601fa1ba3a81
-
SHA512
354579c2afb30c60737844eb26d81ac35f1fc4abb571ef69eb30e5b9d5ccb40bf813cfc8da7e7d7589efaca25d0d10bb520bb8fa30e90fc9d44ca3debd5d18ca
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Trojan.InjectNET.14.12461.26500.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Trojan.InjectNET.14.12461.26500
-
Size
837KB
-
MD5
7c92c8463015b846cbe9e0fc155ab1d4
-
SHA1
d467fd2abf612d2589c65ea3de4e9fe9b875b6e4
-
SHA256
c5594905b696c5a3eb11b662f5d0e158bc95cab02c0fe4eb6c20601fa1ba3a81
-
SHA512
354579c2afb30c60737844eb26d81ac35f1fc4abb571ef69eb30e5b9d5ccb40bf813cfc8da7e7d7589efaca25d0d10bb520bb8fa30e90fc9d44ca3debd5d18ca
-
Looks for VirtualBox Guest Additions in registry
-
Looks for VMWare Tools registry key
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-