General
-
Target
Adminservices.exe
-
Size
1.5MB
-
Sample
211019-p89kcsgfhr
-
MD5
d68c258f383ab0786b2ed6ebfec2b7ad
-
SHA1
4900d52e4ea9179c28d870915a18f6dd10fdfa93
-
SHA256
584c144d09b76173e49dcdf517526d26ef26959e447734612343d03d25145f5e
-
SHA512
968c790aefa5072eb5603c3d29128e0db931098a499a84155b07c4f8b38b323332ad4fc0435f456c51e1ec177ba39d0ff085440d8966370b80bd12acd6cc46fd
Malware Config
Targets
-
-
Target
Adminservices.exe
-
Size
1.5MB
-
MD5
d68c258f383ab0786b2ed6ebfec2b7ad
-
SHA1
4900d52e4ea9179c28d870915a18f6dd10fdfa93
-
SHA256
584c144d09b76173e49dcdf517526d26ef26959e447734612343d03d25145f5e
-
SHA512
968c790aefa5072eb5603c3d29128e0db931098a499a84155b07c4f8b38b323332ad4fc0435f456c51e1ec177ba39d0ff085440d8966370b80bd12acd6cc46fd
Score10/10-
suricata: ET MALWARE Win32/Voltron/Spectre Stealer Checkin Activity (GET)
suricata: ET MALWARE Win32/Voltron/Spectre Stealer Checkin Activity (GET)
-
suricata: ET MALWARE Win32/Voltron/Spectre Stealer CnC Activity (POST)
suricata: ET MALWARE Win32/Voltron/Spectre Stealer CnC Activity (POST)
-
suricata: ET MALWARE Win32/Voltron/Spectre Stealer Download Activity (GET)
suricata: ET MALWARE Win32/Voltron/Spectre Stealer Download Activity (GET)
-
suricata: ET MALWARE Win32/Voltron/Spectre Stealer Sending OS Information (POST)
suricata: ET MALWARE Win32/Voltron/Spectre Stealer Sending OS Information (POST)
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-