Analysis
max time kernel: 4294178s
max time network: 123s
platform: windows7_x64
resource: win7-20220310-en
submitted: 10-03-2022 20:55
Static task: static1
Behavioral task: behavioral1
Sample: 4955d4c4118b0a607f02360195d3ebbf3596d4e9ae8a33b5b461fdebdeb15910.exe
Resource: win7-20220310-en
Behavioral task: behavioral2
Sample: 4955d4c4118b0a607f02360195d3ebbf3596d4e9ae8a33b5b461fdebdeb15910.exe
Resource: win10v2004-20220310-en
General
Target: 4955d4c4118b0a607f02360195d3ebbf3596d4e9ae8a33b5b461fdebdeb15910.exe
Size: 556KB
MD5: 6d193e9600a7bc5ba7fde63e44beaf4e
SHA1: 8d700962dc771d2ba1b1343adc4bdc3d5ecd338d
SHA256: 4955d4c4118b0a607f02360195d3ebbf3596d4e9ae8a33b5b461fdebdeb15910
SHA512: 95f0b05daa233e55b48a125544447dab2fc6e8ed01baf79f982defb5cf364a5a76059ad432f777ec1acba77f03cdea8a568c8a67448e96f51b6d33113aa31ef1
Malware Config
Signatures
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.
Looks up external IP address via web service (1 IoC)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow  ioc
4     bot.whatismyipaddress.com
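The two signatures above are the pattern an analyst would want to re-detect outside the sandbox: browser profile files being read and an external-IP lookup issued by the same process. The following is an added example, not part of this report or of the sandbox's own signature engine. It runs a small matcher over a constructed stream of per-process file-read and DNS events; the event schema, the sample events and the IP-lookup hostnames other than bot.whatismyipaddress.com (which is the IoC from this report) are assumptions.

```python
"""Added example (not part of the sandbox report): raise the report's two
behavioural signatures, "Reads user/profile data of web browsers" and
"Looks up external IP address via web service", from a constructed stream
of per-process file and DNS events. The event schema, sample events and
the lookup hosts other than bot.whatismyipaddress.com are assumptions."""
import re
from dataclasses import dataclass

# Public "what is my IP" services. bot.whatismyipaddress.com is the IoC
# from the report; the others are well-known services added as assumptions.
IP_LOOKUP_HOSTS = {
    "bot.whatismyipaddress.com",
    "api.ipify.org",
    "ifconfig.me",
    "icanhazip.com",
    "ip-api.com",
}

# Files under Windows browser profiles that hold saved logins, cookies and
# autofill data. A read of any of them is the "browser data" signal.
BROWSER_DATA_PATTERNS = [
    re.compile(r"\\AppData\\Local\\Google\\Chrome\\User Data\\.*\\(Login Data|Cookies|Web Data)$", re.I),
    re.compile(r"\\AppData\\Local\\Microsoft\\Edge\\User Data\\.*\\(Login Data|Cookies|Web Data)$", re.I),
    re.compile(r"\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|cookies\.sqlite|key4\.db)$", re.I),
]


@dataclass(frozen=True)
class Event:
    pid: int
    kind: str   # "file_read" or "dns" (constructed event schema)
    value: str  # file path for file_read, queried hostname for dns


def classify(events):
    """Map each signature name to the (pid, value) pairs that triggered it."""
    hits = {"browser_data": [], "external_ip_lookup": []}
    for ev in events:
        if ev.kind == "file_read" and any(p.search(ev.value) for p in BROWSER_DATA_PATTERNS):
            hits["browser_data"].append((ev.pid, ev.value))
        elif ev.kind == "dns" and ev.value.lower().rstrip(".") in IP_LOOKUP_HOSTS:
            hits["external_ip_lookup"].append((ev.pid, ev.value))
    return hits


def infostealer_pids(events):
    """PIDs that both read browser profile data and looked up their external IP.

    Either signature alone is weak (a browser reads its own profile; many
    legitimate tools query ipify). The combination in one process is the
    infostealer pattern the report's two signatures describe together.
    """
    hits = classify(events)
    read_pids = {pid for pid, _ in hits["browser_data"]}
    lookup_pids = {pid for pid, _ in hits["external_ip_lookup"]}
    return read_pids & lookup_pids


# Constructed sample events: pid 1320 behaves like the report's sample,
# pid 2044 is benign noise that must not trigger.
SAMPLE_EVENTS = [
    Event(1320, "file_read", r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(1320, "file_read", r"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default\logins.json"),
    Event(1320, "file_read", r"C:\Users\Admin\AppData\Local\Temp\setup.log"),
    Event(1320, "dns", "bot.whatismyipaddress.com"),
    Event(2044, "dns", "www.microsoft.com"),
    Event(2044, "file_read", r"C:\Windows\System32\drivers\etc\hosts"),
]

if __name__ == "__main__":
    for name, rows in classify(SAMPLE_EVENTS).items():
        print(name, rows)
    print("infostealer-like pids:", sorted(infostealer_pids(SAMPLE_EVENTS)))
```

The hostname check lowercases and strips a trailing dot so that a fully qualified query such as `BOT.WHATISMYIPADDRESS.COM.` still matches; the path patterns are anchored on the file name so that reads of unrelated files in the same profile directory do not fire.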