Analysis
-
max time kernel
10s -
max time network
115s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
14-01-2021 06:36
Static task
static1
Behavioral task
behavioral1
Sample
5e7ac79e96dbe285cba29a6e909c171a.exe
Resource
win7v20201028
General
-
Target
5e7ac79e96dbe285cba29a6e909c171a.exe
-
Size
267KB
-
MD5
5e7ac79e96dbe285cba29a6e909c171a
-
SHA1
453ed62045971554723275de992d5f731b6584b1
-
SHA256
4f424343ad7f36fd626de941758aee9c44092d29622f11eb40e4731aada7e10a
-
SHA512
5c010df48af90f829546d826283eb7916f8529987645ea67b723ec329cf90337a50fe759287d2c490814c7dc66dd15edbe03935528448b123e0934e59c405c61
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 8 api.ipify.org -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
5e7ac79e96dbe285cba29a6e909c171a.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 5e7ac79e96dbe285cba29a6e909c171a.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 5e7ac79e96dbe285cba29a6e909c171a.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
5e7ac79e96dbe285cba29a6e909c171a.exepid process 756 5e7ac79e96dbe285cba29a6e909c171a.exe 756 5e7ac79e96dbe285cba29a6e909c171a.exe