Analysis
max time kernel: 40s
max time network: 60s
platform: windows10_x64
resource: win10v20210408
submitted: 22-08-2021 15:37
Static task: static1
General
Target: Lucky Fixed.exe
Size: 1.5MB
MD5: 6a32b1b835f78438ddbbadb444203b52
SHA1: 407398b8f5981189ffa86b41efd3547c1cffd663
SHA256: 3ef80a7a371def66b2811ae322f516c62d6a0f1d534a08967f577dc13390408c
SHA512: 00ff4c6d4a93ed9a3d0a86d9b0397eff1d1ed5d3a333f17bc60fd483844bed04e5e160d813150487abc1a0125289eaf2e4bc9677f7d5a10373e8e8dda815d11d
Malware Config
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Looks up external IP address via web service (3 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  Processes:
  flow  ioc
  7     api.ipify.org
  8     api.ipify.org
  14    ip-api.com
- Suspicious behavior: EnumeratesProcesses (18 IoCs)
  Processes:
  pid  Process
  416  Lucky Fixed.exe  (18 identical entries)
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes:
  description              pid  Process
  Token: SeDebugPrivilege  416  Lucky Fixed.exe