Analysis
max time kernel: 20s
max time network: 115s
platform: windows10_x64
resource: win10v20210410
submitted: 18-07-2021 12:42
Static task: static1
Behavioral task: behavioral1
Sample: nixware beta/EZinjector reborn for CSGO.exe.exe
Resource: win7v20210410 (windows7_x64)
0 signatures, 0 seconds
General
Target: nixware beta/EZinjector reborn for CSGO.exe.exe
Size: 1.0MB
MD5: eb38d801bd68576feb5ab7410ae70e5a
SHA1: d986896e82195070aab8bf500a2c0f97cc7235a5
SHA256: c161dfcb0fcec751eb7c8963c5f58efd411a9f866ab743ae0e3ff41a8f5cc982
SHA512: 7f31b26e702e86a421cc21f11e16b85b7c2b00ee7331e7d97fca3a219cd1c1e49b5f5cad16fd41e45854cbda5364888fa210b65c1dc2cd76a5a42a8fffe3681e
Malware Config
Signatures
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Looks up external IP address via web service (3 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
  flow  ioc
  7     api.ipify.org
  8     api.ipify.org
  10    ip-api.com

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: EZinjector reborn for CSGO.exe.exe
  pid   process
  2680  EZinjector reborn for CSGO.exe.exe
  2680  EZinjector reborn for CSGO.exe.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes: EZinjector reborn for CSGO.exe.exe
  description               pid   process
  Token: SeDebugPrivilege   2680  EZinjector reborn for CSGO.exe.exe