General

Target: api.zip
Size: 12.7MB
Sample: 210306-lgjva8yaga
MD5: b97b822820f5cfe7a850420cc05b0fcd
SHA1: b42f5c4e29c4daa7591bd0467becf2a5e2ea9b11
SHA256: c12d6c4a047652427388db0fcb7c6ef300efefde6f332868e3a5385af671a988
SHA512: 1f0f83bb48920f8621071e3b5709759a15ac65ea358a775333a38f661a22eb800389752716dffb1e6db5d7b9e3d94eae0746697320a4c5d206a725c7e897500d
Static task: static1

Behavioral task: behavioral1
Sample: api.exe
Resource: win10v20201028

Behavioral task: behavioral2
Sample: api.exe
Resource: win10v20201028
Malware Config

Targets

Target: api
Size: 27.1MB
MD5: 26478574b460e9441f2d0cd9b4b9239c
SHA1: af98a257f41f232ab102cbd26f1d82478902e976
SHA256: b929f172ac60bd09a130eafd7cd9435b68adb81a813df037ec75d400c3420e22
SHA512: 62ecff48c310bbe416a38b9dc7140bcf0d6f1c89e968786f420e669fafe1b88b8fa72c83151fc6e1eed0e557b34b43fe4163d57aa0721cb6ac412ff83d9d0ade
Score: 8/10
- Drops file in Drivers directory
- Sets service image path in registry
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence check.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and similar secrets.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software installed on the system.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.