General
- Target: Archive.zip__ccacaxs2tbz2t6ob3e.bin.zip
- Size: 181KB
- Sample: 210217-1k86enhbh6
- MD5: 3a596c68a1a25bde889abfc1a98f1fae
- SHA1: b6659c792ba48a48aba496f83580f032cf9d8ce7
- SHA256: 49f3069fde864586558902105b3c44af8d644233887ad7a134272a721160632d
- SHA512: e5947276094b87422a2dad4a392ba68a329aa644210b551b25cfe90578db90688e58dab07f88469dffca6bbd77d7a59612f0e64b0577b081d5c984ae8540bb5e
Static task: static1

Behavioral task: behavioral1
- Sample: Archive.zip__ccacaxs2tbz2t6ob3e.bin.exe
- Resource: win10v20201028

Behavioral task: behavioral2
- Sample: Archive.zip__ccacaxs2tbz2t6ob3e.bin.exe
- Resource: win10v20201028

Behavioral task: behavioral3
- Sample: Archive.zip__ccacaxs2tbz2t6ob3e.bin.exe
- Resource: win10v20201028

Behavioral task: behavioral4
- Sample: Archive.zip__ccacaxs2tbz2t6ob3e.bin.exe
- Resource: win10v20201028
Malware Config

Targets
- Target: Archive.zip__ccacaxs2tbz2t6ob3e.bin
- Size: 430KB
- MD5: a3cab1a43ff58b41f61f8ea32319386b
- SHA1: 94689e1a9e1503f1082b23e6d5984d4587f3b9ec
- SHA256: 005d3b2b78fa134092a43e53112e5c8518f14cf66e57e6a3cc723219120baba6
- SHA512: 8f084a866c608833c3bf95b528927d9c05e8d4afcd8a52c3434d45c8ba8220c25d2f09e00aade708bbbc83b4edea60baf826750c529e8e9e05b1242c56d0198d
- Score: 8/10
- Creates new service(s)
- Executes dropped EXE
- Modifies Installed Components in the registry
- Modifies WinLogon to allow AutoLogon
  Enables rebooting of the machine without requiring login credentials.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory