General
- Target: 3532dd3d0f0ba1c2d0fe796ed4f26bfcd9cc62c2cc9c1199181591798d8d7145.zip
- Size: 460KB
- Sample: 201211-vjnpczgc1x
- MD5: 5d53d873153840ac5318ec6ed35a132d
- SHA1: d480adfc8e1e023c58a23413ea8353e4a5bd00cb
- SHA256: 9c859cf761688c7b16b1251c64d379b84b5cf54dfcd6c0e04eacdba2cf1451fc
- SHA512: 533387f257eec779cfd4c640fe1abdb80c2942a16c2fe6753543857811ad28e980fe00895d58f93041ea82c51fb19c59ab025f45ae31db495022195b06ec75f2
Static task: static1
Behavioral task: behavioral1
- Sample: 3532dd3d0f0ba1c2d0fe796ed4f26bfcd9cc62c2cc9c1199181591798d8d7145.exe
- Resource: win7v20201028
Malware Config
Targets
- Target: 3532dd3d0f0ba1c2d0fe796ed4f26bfcd9cc62c2cc9c1199181591798d8d7145
- Size: 789KB
- MD5: adeb3a88f0ffe993d94ddd6b9e8fdab3
- SHA1: e480d5519822b36493256cb9fd25915003f107e4
- SHA256: 3532dd3d0f0ba1c2d0fe796ed4f26bfcd9cc62c2cc9c1199181591798d8d7145
- SHA512: 4cb3ce0b939e3316ae3d26dba9c372177ec719302e9195c495670cac24c69985920715ba3dac1776c6ea3c453dcb031e550e8bd2528591cacf2e163da818647b
- Deletes itself
- Drops startup file
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of SetThreadContext