General

Target: ba0b2518a0073173f4940923af6e235eb8c392283903053d55e5dd31236a3b3d.exe
Size: 485KB
Sample: 201210-2tptggpkre
MD5: 7b3a0c8d0b05933156402de9a42490fc
SHA1: 49ea0ae6f2740dbbb7231423c16f8e88566bdb92
SHA256: ba0b2518a0073173f4940923af6e235eb8c392283903053d55e5dd31236a3b3d
SHA512: 49e37363637fb91c2a8325c0a6f734f194d38a3aecdbf9f271a7dc2d22241a287467f7ad672a81e8b6fe6c5a642c45c3ceba05f762b18c7f5525f6c9c8988164
Static task: static1
Behavioral task: behavioral1
Sample: ba0b2518a0073173f4940923af6e235eb8c392283903053d55e5dd31236a3b3d.exe
Resource: win7v20201028
Malware Config: (none listed on this report)

Targets
Target: ba0b2518a0073173f4940923af6e235eb8c392283903053d55e5dd31236a3b3d.exe (485KB)
Signatures (behavioral task behavioral1)

- Deletes itself
  The sample's own executable is removed from disk after execution, a common anti-forensic step; the on-disk file will not be available for collection from an infected host.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla (e.g. sitemanager.xml and recentservers.xml under %APPDATA%\FileZilla, which hold saved server entries and may include stored passwords).
- Reads user/profile data of web browsers
  Infostealers commonly target stored browser profile data, which can include saved credentials, cookies and session tokens.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its Wow6432Node variant and the HKCU counterpart) to enumerate software on the system, typically to find applications whose data can be harvested or to fingerprint the environment.
- Suspicious use of SetThreadContext
  SetThreadContext rewrites the register state of another, usually suspended, thread; outside of debuggers it is most often used to redirect execution into injected code, as in process hollowing. Combined with the self-deletion, the stealer logic may execute in a process other than the dropped file, so triage should include memory of the child/target process rather than stopping at the on-disk sample.
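As an added example (not part of this report and not the sandbox's own signature engine), the following Python reconstructs the five behavioural signatures above as a small rule set and runs it over a constructed event trace in a Sysmon/API-monitor-like shape. The artefact locations it matches (FileZilla sitemanager.xml/recentservers.xml/filezilla.xml, Chrome Login Data/Cookies/Web Data, Firefox logins.json/key4.db/cookies.sqlite, the Uninstall registry keys) are real; the Event shape, the SAMPLE_IMAGE path and the trace itself are assumptions made for illustration.

```python
"""Illustrative signature matcher for the behaviours listed in the report.

Added example, not the sandbox's own code. Event layout and the trace are
constructed; artefact paths are well-known real locations.
"""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Event:
    """One observed behaviour (constructed, Sysmon/API-trace-like shape)."""
    kind: str      # "file_read" | "file_delete" | "reg_query" | "api_call"
    target: str    # file path, registry key, or API name
    process: str   # image path of the acting process


# Hypothetical on-disk location of the sample in the analysis VM.
SAMPLE_IMAGE = (r"C:\Users\user\Desktop\ba0b2518a0073173f4940923af6e235eb8c"
                r"392283903053d55e5dd31236a3b3d.exe")

# Signature name -> (event kind, pattern over Event.target).
RULES = {
    "Reads data files stored by FTP clients": ("file_read", re.compile(
        r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$", re.I)),
    "Reads user/profile data of web browsers": ("file_read", re.compile(
        r"\\(Google\\Chrome\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)"
        r"|Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite))$",
        re.I)),
    "Checks installed software on the system": ("reg_query", re.compile(
        r"^HK(LM|CU)\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion"
        r"\\Uninstall(\\|$)", re.I)),
    "Suspicious use of SetThreadContext": ("api_call", re.compile(
        r"^(Nt|Zw)?SetThreadContext$")),
}


def match_signatures(events: List[Event], sample_image: str) -> Dict[str, List[str]]:
    """Return {signature name: [evidence, ...]} for every rule that fired."""
    hits: Dict[str, List[str]] = {}
    for ev in events:
        for name, (kind, pattern) in RULES.items():
            if ev.kind == kind and pattern.search(ev.target):
                hits.setdefault(name, []).append(ev.target)
        # "Deletes itself": the sample's own image path is removed, whether by
        # the sample or by a helper it spawned (e.g. cmd.exe /c del <self>).
        if ev.kind == "file_delete" and ev.target.lower() == sample_image.lower():
            hits.setdefault("Deletes itself", []).append(
                f"{ev.process} deleted {ev.target}")
    return hits


# Constructed trace: the behaviours from the report plus benign look-alikes
# (a plain text file, the Run key, GetThreadContext) that must not fire.
CONSTRUCTED_TRACE = [
    Event("file_read", r"C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xml", SAMPLE_IMAGE),
    Event("file_read", r"C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml", SAMPLE_IMAGE),
    Event("file_read", r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data", SAMPLE_IMAGE),
    Event("file_read", r"C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\logins.json", SAMPLE_IMAGE),
    Event("file_read", r"C:\Users\user\Desktop\notes.txt", SAMPLE_IMAGE),
    Event("reg_query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome", SAMPLE_IMAGE),
    Event("reg_query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", SAMPLE_IMAGE),
    Event("api_call", "GetThreadContext", SAMPLE_IMAGE),
    Event("api_call", "SetThreadContext", SAMPLE_IMAGE),
    Event("file_delete", SAMPLE_IMAGE, r"C:\Windows\System32\cmd.exe"),
]


if __name__ == "__main__":
    for name, evidence in match_signatures(CONSTRUCTED_TRACE, SAMPLE_IMAGE).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The negatives in the trace are the point of the exercise: a Run-key query and a GetThreadContext call look similar to the flagged behaviours in raw logs but are routine, so the rules anchor on the Uninstall key and on SetThreadContext specifically. In a real pipeline the self-deletion rule would also need the process tree, since the delete usually comes from a spawned cmd.exe rather than the sample itself.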