General
- Target: f95499c80559ccac5978dd8f9fc92f58.exe
- Size: 30KB
- Sample: 201222-w7xvtmzaaj
- MD5: f95499c80559ccac5978dd8f9fc92f58
- SHA1: ff3c434bd32f2e61825f2b67a5f6cbde895308ef
- SHA256: ada3714cc9e7f34831ddfff655f7a8d0c0a959d686b06fa347bf659f4e719ed7
- SHA512: 91d9c7bbf4752c5a9e303317b0c238fbe0916e9bc0b6b4b313e020e16f53ff6393f20cade3441a64be8ae91194a45e8a04c17632074db723600aa6f65c9fe089
Static task: static1
Behavioral task: behavioral1
- Sample: f95499c80559ccac5978dd8f9fc92f58.exe
- Resource: win7v20201028
Malware Config
Targets
- Target: f95499c80559ccac5978dd8f9fc92f58.exe
- Size: 30KB
- MD5: f95499c80559ccac5978dd8f9fc92f58
- SHA1: ff3c434bd32f2e61825f2b67a5f6cbde895308ef
- SHA256: ada3714cc9e7f34831ddfff655f7a8d0c0a959d686b06fa347bf659f4e719ed7
- SHA512: 91d9c7bbf4752c5a9e303317b0c238fbe0916e9bc0b6b4b313e020e16f53ff6393f20cade3441a64be8ae91194a45e8a04c17632074db723600aa6f65c9fe089
- Turns off Windows Defender SpyNet reporting
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials, etc.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- JavaScript code in executable
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext