Analysis
  max time kernel: 4294181s
  max time network: 134s
  platform: windows7_x64
  resource: win7-20220311-en
  submitted: 14-03-2022 12:23

Static task: static1

Behavioral task: behavioral1
  Sample: c9ffd4cffc24bc98ed738d63c2c332089b1da8688426ffec8ffdc6042a6cebb7.exe
  Resource: win7-20220311-en

Behavioral task: behavioral2
  Sample: c9ffd4cffc24bc98ed738d63c2c332089b1da8688426ffec8ffdc6042a6cebb7.exe
  Resource: win10v2004-20220310-en

General
  Target: c9ffd4cffc24bc98ed738d63c2c332089b1da8688426ffec8ffdc6042a6cebb7.exe
  Size: 556KB
  MD5: e426879290dcc6f1218a98b8ec99f4b2
  SHA1: b7b04374136d5efff82de0d9620c388ce2689fff
  SHA256: c9ffd4cffc24bc98ed738d63c2c332089b1da8688426ffec8ffdc6042a6cebb7
  SHA512: 317748230e623d8ca6c79542b1f9339c4776d7927177a2e3f62634f9bf0d55b3795b841059389d8ed944648a0728e03593020002e1204d553831141fb1828ba5

Malware Config

Signatures
  Reads user/profile data of web browsers (2 TTPs)
    Infostealers often target stored browser data, which can include saved credentials etc.
  Looks up external IP address via web service (1 IoC)
    Uses a legitimate IP lookup service to find the infected system's external IP.
    Processes:
      flow 4, IoC: bot.whatismyipaddress.com