General
-
Target
FileSetup-v17.04.41.exe
-
Size
4.4MB
-
Sample
210129-97x41ynnl2
-
MD5
b7234e4a9aaaacefa890535f8117c8fc
-
SHA1
24c4321111ff004105c14e29662682f16900de29
-
SHA256
a8fefe8e1f92a30d1cdd4e2e2afaacf08a02c8961f496ee16e89062417ec5f28
-
SHA512
8590be6433943bec0867a18247e25d9821d39db1d06c6957d3895558eb5568dddff0b97acda222f0a16701c50de43d8ad667d6717add6900ec941e71ca28e513
Static task
static1
Behavioral task
behavioral1
Sample
FileSetup-v17.04.41.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
FileSetup-v17.04.41.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
FileSetup-v17.04.41.exe
-
Size
4.4MB
-
MD5
b7234e4a9aaaacefa890535f8117c8fc
-
SHA1
24c4321111ff004105c14e29662682f16900de29
-
SHA256
a8fefe8e1f92a30d1cdd4e2e2afaacf08a02c8961f496ee16e89062417ec5f28
-
SHA512
8590be6433943bec0867a18247e25d9821d39db1d06c6957d3895558eb5568dddff0b97acda222f0a16701c50de43d8ad667d6717add6900ec941e71ca28e513
Score9/10-
Nirsoft
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
JavaScript code in executable
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-