Analysis
-
max time kernel
16s -
max time network
116s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
28-05-2021 17:37
Static task
static1
Behavioral task
behavioral1
Sample
0427ebb4_extracted.exe
Resource
win7v20210410
windows7_x64
0 signatures
0 seconds
General
-
Target
0427ebb4_extracted.exe
-
Size
548KB
-
MD5
bf74b01fa21c53d0a869f55ae8b34c04
-
SHA1
ce68d05bcdc00dddfa604ef56df4c2d6ed354689
-
SHA256
6140f55019484357bd0d8ca5f063ce2ce8dbb4636973fdcb8d1c80f6bde8893c
-
SHA512
2ab5f0006dfc302e1e2c53fe476605245a0708365f56dbe968a616ada7e6de274e8805477e969931e7067d545b9894adc848793753a4ee9028d089c6147556b8
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 25 bot.whatismyipaddress.com -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
0427ebb4_extracted.exepid process 3400 0427ebb4_extracted.exe 3400 0427ebb4_extracted.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
0427ebb4_extracted.exedescription pid process Token: SeDebugPrivilege 3400 0427ebb4_extracted.exe