General
- Target: SecuriteInfo.com.W32.AIDetectGBM.malware.02.16429.30290
- Size: 672KB
- Sample: 210221-tkheb2p1ms
- MD5: d498ec8286774d0d30c3563e84775653
- SHA1: 08ac759597c2cbf891b251643152e0b6afdfac9b
- SHA256: c7158275bd1aeb9c788acaea6e8e8c683ac897844ccf7ea27a45dc3fe82b58c3
- SHA512: 5769f039b52de3597d82fbb61e610162670a22b424517fcbcbc77cccbfabed2b1fd61672220fe30e946065429643ed64de17c36d1b5c4a2ff070a5be5dfb4650
Static task: static1
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.W32.AIDetectGBM.malware.02.16429.30290.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: SecuriteInfo.com.W32.AIDetectGBM.malware.02.16429.30290.exe
- Resource: win10v20201028
Malware Config
Extracted
- raccoon
  324730a107fc8faf47c841b56b981a382de05954
- url4cnc: https://telete.in/u92numberone
Targets
- Target: SecuriteInfo.com.W32.AIDetectGBM.malware.02.16429.30290
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext