General
Target: windowsphoto.exe
Size: 83KB
Sample: 210202-gcmlz2k96n
MD5: f7fc343cbf86f08c7b529ab451677752
SHA1: 1ef5d87b03502389362fa7a2aa3931b5e3e34353
SHA256: e81d26edffa4b4570584bd1cb36211587108dfbbfc24f303a2c3e261cc3c59c1
SHA512: c77f3ac253edd3f2bdd23593c098d5de2e4fdeae7f8dadb04a1da49a8d984b4a790a9a0e538eafad7e22075b9f6527cc387dc8c4920f15fcaa09c4048a1e0a37
Static task: static1
Behavioral task: behavioral1
Sample: windowsphoto.exe
Resource: win7v20201028
Malware Config
Extracted
buer
tokacpebanking.com
Targets
Target: windowsphoto.exe
Buer Loader: Detects Buer loader in memory or disk.
Loads dropped DLL
Suspicious use of SetThreadContext