Analysis
-
max time kernel
5s -
max time network
8s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
27-03-2021 07:13
Static task
static1
Behavioral task
behavioral1
Sample
f56a39a0417c779c0b48fa7b2638cc58.exe
Resource
win7v20201028
General
-
Target
f56a39a0417c779c0b48fa7b2638cc58.exe
-
Size
753KB
-
MD5
f56a39a0417c779c0b48fa7b2638cc58
-
SHA1
351ad6d8775a69d06498dbc6953f366f6c5e11fc
-
SHA256
97e799becef44ad19659b81b1d8604ec6888304efc73bb105ed233096ad20045
-
SHA512
06a94e843792ee261facc3560009eb4fb2f3bdd4e3af77a65d27703d9a7aa2f6b0df520fe8eb3f5a4b81ee2d53a01bfc5fc9f04f93967ec6f10fadc6c4080616
Malware Config
Signatures
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
f56a39a0417c779c0b48fa7b2638cc58.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString f56a39a0417c779c0b48fa7b2638cc58.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 f56a39a0417c779c0b48fa7b2638cc58.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
f56a39a0417c779c0b48fa7b2638cc58.exepid process 776 f56a39a0417c779c0b48fa7b2638cc58.exe 776 f56a39a0417c779c0b48fa7b2638cc58.exe