General
Target: ser33vs.exe
Size: 1.5MB
Sample: 210415-1v8rxmfgqa
MD5: a812b477526d412e6d89d9733b935406
SHA1: dada6f2fde5f1679665625dfba529f0c13c1d1d5
SHA256: 9ff7923de3f164579964eab7e8f6e23a8ed18c488a862a504a23ef14281198de
SHA512: 2cd838e2d5a2c7ca6f4bfe6f2035084276677f526cab0194dd3b45007d8d0453528f8ded130dbd3484b751f76221f54c2c8866c137ddd44ae2096e3abefe0cff

Static task: static1

Behavioral task: behavioral1
Sample: ser33vs.exe
Resource: win7v20210408

Malware Config
Targets
Target: ser33vs.exe
- Deletes itself
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext