Analysis
-
max time kernel
15s -
max time network
114s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
30-07-2021 07:53
Static task
static1
Behavioral task
behavioral1
Sample
gan.exe
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
General
-
Target
gan.exe
-
Size
1.0MB
-
MD5
87eaf345538203eec98ef5eb3f5fb4e2
-
SHA1
3c32b64679c2e85b9b843ed7a3a38094b5719ba4
-
SHA256
07e3cf6d608401dd2b8cc367deea6c4d9ea110056d3f32bfd87e1f8555083cf1
-
SHA512
553ce491a393f32ba67a8c1871fddc840bd3fc2569f57af5ae20a9ee40961e7c435cf91cdfe93574777932d08abd5380b6dfdb607aee080542cb40f157419c9d
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 7 api.ipify.org 8 api.ipify.org 9 ip-api.com -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
gan.exepid Process 4044 gan.exe 4044 gan.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
gan.exedescription pid Process Token: SeDebugPrivilege 4044 gan.exe