Analysis
-
max time kernel
13s -
max time network
122s -
platform
windows10_x64 -
resource
win10v20210410 -
submitted
30-07-2021 07:54
Static task
static1
Behavioral task
behavioral1
Sample
stpastio.exe
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
General
-
Target
stpastio.exe
-
Size
1.0MB
-
MD5
76240af1d6ebffbf210af7d95b59b97e
-
SHA1
8f029dfb9a98bd1c34335010c97780ac3f602d61
-
SHA256
18f6c675acef58163ad7322fbbaf75ac8d92c50e3f4e2dd02f26bbc4a93f4262
-
SHA512
71f2a9bb9a3ba9b0123fa302c6a96f9ff5b58be7804d1a84c170c4b69173428ddbc6807e91e034b23f83db9b51dfb8c6c7ae439fb822b7887927e5c84c007687
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 6 api.ipify.org 7 api.ipify.org 10 ip-api.com -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
stpastio.exepid Process 3164 stpastio.exe 3164 stpastio.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
stpastio.exedescription pid Process Token: SeDebugPrivilege 3164 stpastio.exe