General
-
Target
gye1.cab.zip
-
Size
457KB
-
Sample
201207-945vcj9gx2
-
MD5
6ba56c918abb03b5453f6338d87a4004
-
SHA1
cb1a44a5b66e65d1fb2ddf2b19f21085ae2ddd24
-
SHA256
ccecbbaf6bdd8b83cb5966dc1e8f6157aea6a22274166fb7c10f194ad28f4277
-
SHA512
6f9ca254784f148d9f21763ce2289bf0ab6f8fdd992b5722b94b9aef30e07413c55bdc5456b08300e8137438a6d0c67eed1d6e4decab000879b2c615c205d45f
Static task
static1
Behavioral task
behavioral1
Sample
gye1.cab.dll
Resource
win7v20201028
Behavioral task
behavioral2
Sample
gye1.cab.dll
Resource
win10v20201028
Malware Config
Targets
-
-
Target
gye1.cab
-
Size
632KB
-
MD5
e78b3e5f216b0fc21a528a1a4de83a39
-
SHA1
91d536c3667177f95b1713b563d54a1437bf27d5
-
SHA256
4eed17645ed997121a95459508067a23459d1e36f43d50f672f198e9d117cc2c
-
SHA512
b56548d765c9f0fcc0f65b4f283b406ce8b4f70c8b6b3a0845299075b8bc7ae1b60032cd7fb40f69ba855767e3304904c8ce413bbdb4cc4773df439256deadeb
Score10/10-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-