Overview

overview

7

Static

static

IntegraL.exe

windows7_x64

7

IntegraL.exe

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IntegraL.exe

  • Size

    1.7MB

  • Sample

    210412-rjjasnf7e6

  • MD5

    3a441719e8227b47c48b143a818fd9db

  • SHA1

    a86e0f25041c2fd53fe5c9b0ef562dfd465beea8

  • SHA256

    5264cba383d033b281e0d9c097225f350fa4cb4aa910621638e79c8659ac4035

  • SHA512

    521dec402204e331cdd338676a9b2a355f5dfd7cf331511e79ed9b5b31b0719c025cf6dfdcf437b73fec89ab9f327473de3770f6c248fc1aba4bcd74e0d0c136

Score
7/10
discoveryspywarestealer

Malware Config

Targets

    • Target

      IntegraL.exe

    • Size

      1.7MB

    • MD5

      3a441719e8227b47c48b143a818fd9db

    • SHA1

      a86e0f25041c2fd53fe5c9b0ef562dfd465beea8

    • SHA256

      5264cba383d033b281e0d9c097225f350fa4cb4aa910621638e79c8659ac4035

    • SHA512

      521dec402204e331cdd338676a9b2a355f5dfd7cf331511e79ed9b5b31b0719c025cf6dfdcf437b73fec89ab9f327473de3770f6c248fc1aba4bcd74e0d0c136

    Score
    7/10
    discoveryspywarestealer

    • Reads local data of messenger clients

      Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks