General
-
Target
005aaa381c59d33ccd4fb5977d8feffb5cd8bd4ebe9adaaf8d8835f6d80f3779.exe
-
Size
161KB
-
Sample
210227-h76g1b9mk2
-
MD5
4df2b2fc528ff7ba3e5603d5f0e0e8a7
-
SHA1
3198f3e5b2a22ce03e8252226c50279ebf95201c
-
SHA256
005aaa381c59d33ccd4fb5977d8feffb5cd8bd4ebe9adaaf8d8835f6d80f3779
-
SHA512
016ae1d262735571c4accd6de249e8b47b3ccb3b7bf383b47d3a734eaff43c009c0a37997e1797751b8e3ffc86eba38b541155bce73ac723f914c67b846b6287
Static task
static1
Behavioral task
behavioral1
Sample
005aaa381c59d33ccd4fb5977d8feffb5cd8bd4ebe9adaaf8d8835f6d80f3779.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
005aaa381c59d33ccd4fb5977d8feffb5cd8bd4ebe9adaaf8d8835f6d80f3779.exe
-
Size
161KB
-
MD5
4df2b2fc528ff7ba3e5603d5f0e0e8a7
-
SHA1
3198f3e5b2a22ce03e8252226c50279ebf95201c
-
SHA256
005aaa381c59d33ccd4fb5977d8feffb5cd8bd4ebe9adaaf8d8835f6d80f3779
-
SHA512
016ae1d262735571c4accd6de249e8b47b3ccb3b7bf383b47d3a734eaff43c009c0a37997e1797751b8e3ffc86eba38b541155bce73ac723f914c67b846b6287
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-