General
Target: 44c671f6aaca45b2db6397a3037a471aa2889538ebc73138bfeb34e50e1df1f6
Size: 706KB
Sample: 210302-e5152ybwh2
MD5: 678498a4f39ff828905f485d34f9cb35
SHA1: ad9f93fd5c4c229b41cd3de9fc66176b2ef96161
SHA256: 44c671f6aaca45b2db6397a3037a471aa2889538ebc73138bfeb34e50e1df1f6
SHA512: aa65624c7ebfed2ad791ea132b5a39a06c9be4e9d9efb25dfa681d89a671c3a691d3eff290ce4bb10791f933dff75e928d26f75d246d25cbb1568fa738251c6e
Static task: static1

Behavioral task: behavioral1
Sample: 44c671f6aaca45b2db6397a3037a471aa2889538ebc73138bfeb34e50e1df1f6.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 44c671f6aaca45b2db6397a3037a471aa2889538ebc73138bfeb34e50e1df1f6.exe
Resource: win10v20201028
Malware Config
Targets
Target: 44c671f6aaca45b2db6397a3037a471aa2889538ebc73138bfeb34e50e1df1f6
Score: 8/10
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.