General
-
Target
ed29dc0edb5cacac638c89b2b5d9c7eb445fd2e9472d0432b6c6fa42c6c21709.exe
-
Size
161KB
-
Sample
210227-rjzmza8d1s
-
MD5
49d8d33e05e8f8a720ee2b2d890729eb
-
SHA1
957ecde5354bd978d08a7e92e8d2d95003e3e441
-
SHA256
ed29dc0edb5cacac638c89b2b5d9c7eb445fd2e9472d0432b6c6fa42c6c21709
-
SHA512
3e327e7038bf725ea274bca3c891799aca426c786b59d6de18aad9052f775bce658ff4286aac9a72324963f5bab6358e5677490b842e9f415e23d378cc7c3352
Static task
static1
Behavioral task
behavioral1
Sample
ed29dc0edb5cacac638c89b2b5d9c7eb445fd2e9472d0432b6c6fa42c6c21709.exe
Resource
win7v20201028
Malware Config
Targets
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-