General
- Target: 7d5a707f791386fa9472d4e3c89c04c3.exe
- Size: 4.7MB
- Sample: 210117-ctypahw4xa
- MD5: 7d5a707f791386fa9472d4e3c89c04c3
- SHA1: e4adfec071631fa1e29d3821caa640d05db39843
- SHA256: 637abbc3ff5e6643ea2765ae8b29764da333f2e35bd6d7eed2ec10d980d7b584
- SHA512: ba9969b02554e63a42c2b4383079dfe859748f08eda0552c8963492c75976a31c2b7f38515cd12d27900eec8f71ef92a908301b229985794c4d8cfe034b62618

- Static task: static1
- Behavioral task: behavioral1
  - Sample: 7d5a707f791386fa9472d4e3c89c04c3.exe
  - Resource: win7v20201028
Malware Config

Targets
- Target: 7d5a707f791386fa9472d4e3c89c04c3.exe
- Reads user/profile data of local email clients
  Email clients store some user data on disk, which infostealers often target.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext