Analysis

max time kernel: 4294179s
max time network: 124s
platform: windows7_x64
resource: win7-20220311-en
submitted: 14-03-2022 15:00

Static task: static1

Behavioral task: behavioral1
Sample: c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe
Resource: win7-20220311-en

Behavioral task: behavioral2
Sample: c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe
Resource: win10v2004-en-20220113

General

Target: c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0.exe
Size: 552KB
MD5: 2a3415ff37c6f1b5513c9b0c2195b9c4
SHA1: 37ac33429ba6e0391e8dab7dd1ca350801110b74
SHA256: c0f07f5768640e2558bc0d277ae6dac37a0ba98921bd480fcc961c6caa1adbc0
SHA512: 278900181fa9a80a4d30fb34d7b0e4829c57694bee3d693e3714a4eaf1ca62d5c6310f230064b7d443b356c5a30089ff566afa11d3f2256a16ca736c6a6d928a
Malware Config

Signatures

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Looks up external IP address via web service (1 IoC)
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow  ioc
6     bot.whatismyipaddress.com