Analysis
max time kernel: 23s
max time network: 112s
platform: windows10_x64
resource: win10v20210408
submitted: 16-07-2021 09:09
Static task: static1
Behavioral task: behavioral1
Sample: 265.exe
Resource: win7v20210410
0 signatures
0 seconds

General
Target: 265.exe
Size: 1.0MB
MD5: 265f0934a95c1bf8ce0e9b38d616148b
SHA1: e038b807d028456d065413b39e2330c377055d7d
SHA256: c1e2c2894d5925dc2b0d244ba32de7cc147abf0fe5afc99f9224dbc6609088d3
SHA512: 224767ad906d46f73cb99fe405f7df17eac1089054c116f7524cd98a1a454d12dffb1899aa79a1c5b7327bda2e0298bfce65f7a13c202423c316a12d2e84c0aa
Malware Config
Signatures
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Looks up external IP address via web service (3 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow  ioc
7     api.ipify.org
8     api.ipify.org
13    ip-api.com

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
pid  process
396  265.exe
396  265.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
description              pid  process
Token: SeDebugPrivilege  396  265.exe