General
Target: 5370442549592064.zip
Size: 417KB
Sample: 210122-dz1leejqc2
MD5: cea0d9d73e33bea434a3e50c35f28e94
SHA1: f7e020545d7bfafc9ee94aeeee2d55f6f4ffc554
SHA256: 7e7bf63f1b2ba92baaa959119d16a928deab9cadbc7619092c3f9ba8bfc61520
SHA512: 05372b9ce7926f0c4fd050cc64114bb6d53a23da7ef647fd14ad304e280f85c2e35f65e394bb1757876f4b9cba0969dcde60b080b4c5823620d6429b7a4a8c4a
Static task: static1

Behavioral task: behavioral1
  Sample: 8258c53a44012f6911281a6331c3ecbd834b6698b7d2dbf4b1828540793340d1.exe
  Resource: win7v20201028

Behavioral task: behavioral2
  Sample: 8258c53a44012f6911281a6331c3ecbd834b6698b7d2dbf4b1828540793340d1.exe
  Resource: win10v20201028
Malware Config

Targets
Target: 8258c53a44012f6911281a6331c3ecbd834b6698b7d2dbf4b1828540793340d1
Size: 1.0MB
MD5: 3281b2d95e7123a429001400c10ebe28
SHA1: b97308ea9f9c410188d43c34a867fa42c9e9128e
SHA256: 8258c53a44012f6911281a6331c3ecbd834b6698b7d2dbf4b1828540793340d1
SHA512: 2d8829ba0023a0b0f2e3aaa48301f6458fec20e20c019840610f7f862a54615f46de28a5aeb470ae0df5e046d3a8da0310dc29df0b3f60f36ffe4438c469ff11
Score: 10/10

- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Clears Windows event logs
- Modifies boot configuration data using bcdedit
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.