Analysis
max time kernel: 14s
max time network: 115s
platform: windows10_x64
resource: win10v20201028
submitted: 08-04-2021 11:57
Static task: static1
Behavioral task: behavioral1
Sample: Lucky_Execute.bin.exe
Resource: win7v20201028 (windows7_x64)
0 signatures, 0 seconds
General
Target: Lucky_Execute.bin.exe
Size: 1.0MB
MD5: 0a8d7545824b45b1b49fe4edabfa7ed4
SHA1: aa2bdeca74c0a49a3c7305cfd477e6ef1317b7a2
SHA256: 5846a8f96c27b089cbb3cba02aeb3b60a8b4fb0a9083b1414474e86ca92c79d0
SHA512: 81b2b00883270bdae2c75c999b3b98bef9325c5af3ecd7afa0dcbecd4220531046a464713d9b75b54c8e960ada2167191477541724b548289fec1bb42087c669
Malware Config
Signatures

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Looks up external IP address via web service (3 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
  flow  ioc
  13    api.ipify.org
  14    api.ipify.org
  16    ip-api.com

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
  pid   process
  3244  Lucky_Execute.bin.exe
  3244  Lucky_Execute.bin.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description              pid   process
  Token: SeDebugPrivilege  3244  Lucky_Execute.bin.exe