Analysis
-
max time kernel
29s -
max time network
120s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
11-08-2021 13:21
Static task
static1
Behavioral task
behavioral1
Sample
NewHacks.exe
Resource
win7v20210410
General
-
Target
NewHacks.exe
-
Size
1.1MB
-
MD5
d59bf492da2f21db13264aba7b40f464
-
SHA1
c69eadf5aa174c34c90445548d5b2d5888957eae
-
SHA256
4732655de9b6a0497a825ab53ef9e8c3db1a9d1520d1ae505ec2b07df305cef1
-
SHA512
f781f75e84f88c9aa015644ba5744d5b360951fc753d054f2e999244907baae5a109563c5b4817a2e7ee2f91c2048366552d22364e593503ba8aec05ce4cef59
Malware Config
Signatures
-
Echelon log file 1 IoCs
Detects a log file produced by Echelon.
Processes:
yara_rule echelon_log_file -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 10 api.ipify.org 11 api.ipify.org 12 ip-api.com -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
NewHacks.exepid Process 992 NewHacks.exe 992 NewHacks.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
NewHacks.exedescription pid Process Token: SeDebugPrivilege 992 NewHacks.exe