General

Target: sample10.exe
Size: 747KB
Sample: 210224-dw8yh8qtyj
MD5: 8cf04f1cfaf76ce93fbd4431d9878e96
SHA1: f7ecaae5efb5ed2bdde986ff680eff4f138736eb
SHA256: 0011a1d760bc5fae16e82e93969280e349d38db66eae744139a020cf84ba7d87
SHA512: 5236549ebc343c402a04c52b7147692aebfb3637ed5eac4fb21fd2af96eb9c68a53b02f8f8c07ffefff375153224d40b521b94bd1490459b72baaf8a3fba7ae7
Static task: static1

Behavioral task: behavioral1
Sample: sample10.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: sample10.exe
Resource: win10v20201028
Malware Config

Targets

Target: sample10.exe
Score: 10/10
- Modifies WinLogon for persistence
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials, etc.
- Adds Run key to start application
- Drops file in System32 directory