General
Target: SecuriteInfo.com.Generic.mg.c256502f66dbd289.10792
Size: 1.7MB
Sample: 210109-deb6bhpc6a
MD5: c256502f66dbd289955472b574432271
SHA1: d7adee8673f92b59bfdaaa598ab41e04a2226ba8
SHA256: facf1bd37fa739f82bc10a7a6e7436b4871af89e3c8389270673e2dbb76200e4
SHA512: f6042d1bec0de3bc025c8aa525b2ad2c9f2d9fcd6c0a6446ba589b5b2ba1852621e65af69bf961bfa313df4451fb16974a406e02c0f391e30fd64c51f0a5be80

Static task: static1

Behavioral task: behavioral1
Sample: SecuriteInfo.com.Generic.mg.c256502f66dbd289.10792.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: SecuriteInfo.com.Generic.mg.c256502f66dbd289.10792.exe
Resource: win10v20201028

Malware Config
Extracted family: remcos
C2: swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu:2017
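Added example, not part of the sandbox report: a small Python triage helper that hashes a file with the same four algorithms as the report and says which of the report's digests it matches, and that scans DNS log lines for lookups of the extracted Remcos C2 host. Only the four hashes and the C2 host:port are taken from the report; the log line shape (a `query=<name>` field) and the three log lines are constructed for illustration. Matching is on the full hostname rather than the ydns.eu parent, since that is a dynamic DNS zone shared with unrelated hosts.

```python
"""Triage helpers for the indicators in this report (added example, not the
sandbox's own code). Hashes and C2 are copied from the report; the DNS log
format and sample lines are constructed for illustration."""
import hashlib
import re

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "c256502f66dbd289955472b574432271",
    "sha1": "d7adee8673f92b59bfdaaa598ab41e04a2226ba8",
    "sha256": "facf1bd37fa739f82bc10a7a6e7436b4871af89e3c8389270673e2dbb76200e4",
    "sha512": "f6042d1bec0de3bc025c8aa525b2ad2c9f2d9fcd6c0a6446ba589b5b2ba1852621e65af69bf961bfa313df4451fb16974a406e02c0f391e30fd64c51f0a5be80",
}
REMCOS_C2 = "swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu:2017"
ALGOS = ("md5", "sha1", "sha256", "sha512")


def _digest_chunks(chunks) -> dict:
    """Feed every chunk to all four hashers in one pass; return hex digests."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> dict:
    """Digests of an in-memory buffer (handy for unpacked/dropped payloads)."""
    return _digest_chunks([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Digests of a file on disk, read in 1 MiB chunks so large samples fit."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def matches_report(digests: dict) -> set:
    """Names of the algorithms whose digest equals the report's value."""
    return {
        name for name in ALGOS
        if name in digests and digests[name].lower() == REPORT_HASHES[name]
    }


def parse_c2(c2: str) -> tuple:
    """Split 'host:port' on the last colon and normalise the host."""
    host, _, port = c2.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"unexpected C2 format: {c2!r}")
    return host.lower().rstrip("."), int(port)


def c2_dns_hits(log_lines, c2: str = REMCOS_C2) -> list:
    """Return log lines whose queried name is the C2 host or a subdomain of it.

    Assumed (constructed) log shape: whitespace-separated fields, one of them
    'query=<name>'. The parent zone ydns.eu is deliberately NOT matched.
    """
    host, _ = parse_c2(c2)
    query_re = re.compile(r"\bquery=([A-Za-z0-9.\-_]+)")
    hits = []
    for line in log_lines:
        m = query_re.search(line)
        if not m:
            continue
        name = m.group(1).lower().rstrip(".")
        if name == host or name.endswith("." + host):
            hits.append(line)
    return hits


# Constructed DNS log excerpt (not from the sandbox run).
SAMPLE_DNS_LOG = [
    "2021-01-09T10:01:02Z client=10.0.0.15 query=update.microsoft.com type=A",
    "2021-01-09T10:01:07Z client=10.0.0.15 "
    "query=swryijgrvcsgkopnmcdertvgdswbvmophtfdczxs.ydns.eu type=A",
    "2021-01-09T10:01:09Z client=10.0.0.22 query=other-host.ydns.eu type=A",
]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # optional: path of a file to compare with the report
        print("matching report hashes:",
              sorted(matches_report(hash_file(sys.argv[1]))) or "none")
    for line in c2_dns_hits(SAMPLE_DNS_LOG):
        print("C2 lookup:", line)
```

Run it with a file path to compare that file against the report's hashes; without arguments it only reports the one constructed DNS line that resolves the C2 host. Hash matching is exact, so a repacked or padded variant will not match and needs behavioural indicators instead.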
Targets
Target: SecuriteInfo.com.Generic.mg.c256502f66dbd289.10792
Size: 1.7MB
MD5: c256502f66dbd289955472b574432271
SHA1: d7adee8673f92b59bfdaaa598ab41e04a2226ba8
SHA256: facf1bd37fa739f82bc10a7a6e7436b4871af89e3c8389270673e2dbb76200e4
SHA512: f6042d1bec0de3bc025c8aa525b2ad2c9f2d9fcd6c0a6446ba589b5b2ba1852621e65af69bf961bfa313df4451fb16974a406e02c0f391e30fd64c51f0a5be80
Score: 10/10

Signatures
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers (infostealers often target stored browser data, which can include saved credentials)
- Adds Run key to start application (registry Run-key persistence)
- Suspicious use of NtSetInformationThreadHideFromDebugger (anti-debugging: the thread is hidden from an attached debugger)
- Suspicious use of SetThreadContext (commonly seen in process hollowing and thread-hijacking injection)