General
Target: a581b527e44fdebb3f62b184e4df5a4d.exe
Size: 463KB
Sample: 210226-hwtake8y26
MD5: a581b527e44fdebb3f62b184e4df5a4d
SHA1: 96e3f0842e5e6e01659d8b6fa8f63313fd089508
SHA256: d7b185cdc7b58c419814ecbf667db1307587b1949e8f107fd80e16af446196d4
SHA512: cde0e83e044f2188dc604938c6b7aa1e8f41ffef95ca0255fdd4e31a7a6d82e28834d491c6b5ac244398e0bb5c82e40a8f8ff052c380327c4443d0fd1cd6d09f
Static task: static1
Behavioral task: behavioral1
Sample: a581b527e44fdebb3f62b184e4df5a4d.exe
Resource: win7v20201028
Malware Config
Extracted: raccoon
563129eb2a69de0d6dd4671019520d08f6eb4830
url4cnc: https://telete.in/bItalianoespanol
Extracted: gozi_ifsb
6565
updates.microsoft.com
klounisoronws.xyz
darwikalldkkalsld.xyz
build: 250177
dga_season: 10
exe_type: loader
server_id: 12
Targets
Target: a581b527e44fdebb3f62b184e4df5a4d.exe
Size: 463KB
MD5: a581b527e44fdebb3f62b184e4df5a4d
SHA1: 96e3f0842e5e6e01659d8b6fa8f63313fd089508
SHA256: d7b185cdc7b58c419814ecbf667db1307587b1949e8f107fd80e16af446196d4
SHA512: cde0e83e044f2188dc604938c6b7aa1e8f41ffef95ca0255fdd4e31a7a6d82e28834d491c6b5ac244398e0bb5c82e40a8f8ff052c380327c4443d0fd1cd6d09f
Executes dropped EXE
Deletes itself
Loads dropped DLL
Reads user/profile data of local email clients
Email clients store some user data on disk, where infostealers will often target it.
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.