Analysis
-
max time kernel
23s -
max time network
123s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
13-08-2021 14:54
Static task
static1
Behavioral task
behavioral1
Sample
9.exe
Resource
win7v20210410
General
-
Target
9.exe
-
Size
1.0MB
-
MD5
6016445d4e3cee2e3efc99f412e9dadc
-
SHA1
c2340620feee283fa98bf67b468b73c6868bbe0b
-
SHA256
a6960926d530880cde47a08146cb733b1b69fad3cd30b8af4d7afa999254e3c0
-
SHA512
cd23c3b8ee689e49d0c3d3c58bb82af15449edad2a51ce8d56063fb12a4f05b57fcd866175844dd371ba4f3366cf9ad5da9183cf4fa09ca20f5cef887d59c19a
Malware Config
Signatures
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
suricata: ET MALWARE Trojan Generic - POST To gate.php with no accept headers
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 8 api.ipify.org 9 api.ipify.org 14 ip-api.com -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
9.exepid process 764 9.exe 764 9.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
9.exedescription pid process Token: SeDebugPrivilege 764 9.exe