Analysis
-
max time kernel
98s -
max time network
81s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
26-09-2021 14:34
Static task
static1
Behavioral task
behavioral1
Sample
3b0601423f1fb5ca121b524c6273f7d1.exe
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
General
-
Target
3b0601423f1fb5ca121b524c6273f7d1.exe
-
Size
116KB
-
MD5
3b0601423f1fb5ca121b524c6273f7d1
-
SHA1
c1894ec3b68fc66110b07b3a40d5a1e6b6546eb2
-
SHA256
505955d7473e78b1a2052774dff218b9a46b93d9156d6233bb28c532c818b75d
-
SHA512
974d17385d416be42acb3ae074a5248bbd7cad8c3cd8eda359d8cbd72eff19da3822e217a897016e2b3f87b8b9236b568b26c30ba6546eb21ca6b08b65f270b5
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
3b0601423f1fb5ca121b524c6273f7d1.exepid process 2044 3b0601423f1fb5ca121b524c6273f7d1.exe 2044 3b0601423f1fb5ca121b524c6273f7d1.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
3b0601423f1fb5ca121b524c6273f7d1.exedescription pid process Token: SeDebugPrivilege 2044 3b0601423f1fb5ca121b524c6273f7d1.exe