Analysis
max time kernel: 14s
max time network: 113s
platform: windows10_x64
resource: win10v20210410
submitted: 30-07-2021 07:53

Static task: static1

Behavioral task: behavioral1
Sample: mySThe.exe
Resource: win7v20210408
Platform: windows7_x64
0 signatures
0 seconds
General
Target: mySThe.exe
Size: 1.0MB
MD5: 6d298ea9fddcb15bc12be3699b88724e
SHA1: 946732233c9490060639a44ea593f2ccd6ddc30b
SHA256: 74499fe96913a5ec1b89d8b79ca8bf2d3fd598c0d65339bd6d6223599f20aa7b
SHA512: 40e40caaf22651eb749694b1827f1902c89935bb5f40baf7ec3c68bfd277b68bd76c3a7c54cfa4ce7959b7067b6fb00ec1513f57e330df7790a95e7ed6ebc8ed
Malware Config
Signatures
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Looks up external IP address via web service (2 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  Processes:
    flow  ioc
    8     api.ipify.org
    9     api.ipify.org
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
    pid   Process
    4020  mySThe.exe
    4020  mySThe.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes:
    description              pid   Process
    Token: SeDebugPrivilege  4020  mySThe.exe