General

  • Target

    09000000000000h.exe

  • Size

    593KB

  • Sample

    210113-y796qbfpy6

  • MD5

    af891ae0d2ec4596cd000335cfb9bbcc

  • SHA1

    bc5414af0bf6cabe07b0088a306a06f6f3dd5407

  • SHA256

    5cc38d4a28e3609654ae3975d062a71272bdaaa655d998498f2169c7679bb19e

  • SHA512

    7d8d2aad1499609e9ff3b0c503a24926cc8ce1f71b1e34b17b7d2e7f6940dbd49caa72ccbd2fa93baf078b2df9e7928d11e0375b751a4e98e544955cc9dd2335

Score
7/10

Malware Config

Targets

    • Drops startup file

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks