General
Target: SecuriteInfo.com.BehavesLike.Win32.PUPXAA.gc.4872
Size: 484KB
Sample: 210127-qpvvthshaa
MD5: 166b58a98956607f82871fdb951cb54f
SHA1: 0ed680c291d6827524a5ade0c76d581c0b053cd5
SHA256: 20e7b49fd70f92e6baf15b30760c19c88cf99f7cafd76be5c395e45b2f50c6c6
SHA512: 316dd7fd7678e65a730cf9413dcc91363bc1655e81d31ef1be795c4fc059a91c51d8c4844d0759eacc6afefc4bf7d0adcbc57b379fba359d7326d09e4b3aabac
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.BehavesLike.Win32.PUPXAA.gc.4872.exe
Resource: win7v20201028
Malware Config
Targets
Target
SecuriteInfo.com.BehavesLike.Win32.PUPXAA.gc.4872
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
JavaScript code in executable