Analysis
Max time kernel: 149s
Max time network: 171s
Platform: windows10-2004_x64
Resource: win10v2004-20220414-en
Submitted: 19/04/2022, 04:06

Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 00_300us.exe
  Resource: win7-20220414-en
  0 signatures, 0 seconds
General
- Target: 00_300us.exe
- Size: 347KB
- MD5: 88d5c0bff7ccbc87e94adf5aed73e1d9
- SHA1: 8d4e1c37d3cee528d4cc43f33aa001ce5ac5e3c9
- SHA256: 22e463d29590a7485292819597991bcd06bf8ceceebf567c955f294dc542711a
- SHA512: dca5f477161cb6ac8fdf7720d4070470128ab171a20eca3f8768d7bd85085e7755264dffdf71eb3c8498a03394810fff33e7c0dbbe16ce41e5df218c5dfc8778
Malware Config (extracted from the sample)
- Family: arkei
- Botnet: Default
- C2: http://45.138.157.138/ZSnH91i5Xb.php
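The General and Malware Config sections above give four file hashes and one C2 URL. The script below is an added example (not part of the sandbox report or of any tool it comes from) that checks a local file against all four digests at once, sanity-checks the transcribed hashes, and splits the C2 URL into the host, port and path you would block or hunt for. The sample bytes used when no path is given are constructed and are not the real sample.

```python
"""Check a file and a URL against the IOCs listed in this report.

Added example; not part of the original sandbox report. The hashes and
C2 URL are copied from the report above; the placeholder bytes used in
main() when no file path is given are constructed, not the real sample.
"""
import hashlib
import sys
from urllib.parse import urlsplit

# Indicators copied verbatim from the report above.
REPORT_HASHES = {
    "md5": "88d5c0bff7ccbc87e94adf5aed73e1d9",
    "sha1": "8d4e1c37d3cee528d4cc43f33aa001ce5ac5e3c9",
    "sha256": "22e463d29590a7485292819597991bcd06bf8ceceebf567c955f294dc542711a",
    "sha512": (
        "dca5f477161cb6ac8fdf7720d4070470128ab171a20eca3f8768d7bd85085e77"
        "55264dffdf71eb3c8498a03394810fff33e7c0dbbe16ce41e5df218c5dfc8778"
    ),
}
C2_URL = "http://45.138.157.138/ZSnH91i5Xb.php"

# Expected hex-digest length (in characters) for each algorithm.
DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_report_hashes(hashes=REPORT_HASHES) -> bool:
    """Sanity-check transcribed hashes: correct length and valid hex."""
    for alg, hexdigest in hashes.items():
        if len(hexdigest) != DIGEST_LEN[alg]:
            return False
        try:
            bytes.fromhex(hexdigest)
        except ValueError:
            return False
    return True


def hash_bytes(data: bytes) -> dict:
    """Compute every digest the report lists over the same bytes."""
    hashers = {alg: hashlib.new(alg) for alg in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_report(data: bytes, expected=REPORT_HASHES) -> dict:
    """Per-algorithm match result against the report's hashes."""
    computed = hash_bytes(data)
    return {alg: computed[alg] == expected[alg].lower() for alg in expected}


def is_reported_sample(data: bytes) -> bool:
    """True only if every listed digest matches. A single mismatch means
    either a different file or a transcription error in the report."""
    return all(match_report(data).values())


def c2_indicators(url: str = C2_URL) -> dict:
    """Split the C2 URL into the pieces you would block or hunt for."""
    parts = urlsplit(url)
    default_port = 443 if parts.scheme == "https" else 80
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,
        "port": parts.port or default_port,
        "path": parts.path,
    }


def main(argv):
    path = argv[1] if len(argv) > 1 else None
    if path:
        with open(path, "rb") as f:
            data = f.read()
    else:
        data = b"MZ constructed placeholder, not the real sample"  # constructed
    for alg, ok in match_report(data).items():
        print(f"{alg:7} {'match' if ok else 'mismatch'}")
    print("reported sample:", is_reported_sample(data))
    print("C2:", c2_indicators())


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python check_iocs.py <file>`; with no argument it hashes the constructed placeholder and reports a mismatch on every algorithm. Requiring all four digests to agree, rather than MD5 alone, guards against both collisions and a typo in a single copied hash.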
Signatures
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.
- Program crash (1 IoC)
  pid   pid_target   Process        procid_target
  996   3332         WerFault.exe   79
Processes
- C:\Users\Admin\AppData\Local\Temp\00_300us.exe (PID 3332)
  Command line: "C:\Users\Admin\AppData\Local\Temp\00_300us.exe"
  - C:\Windows\SysWOW64\WerFault.exe (PID 996) - Program crash
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 644
- C:\Windows\SysWOW64\WerFault.exe (PID 1752)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3332 -ip 3332

Both WerFault.exe instances pass -p 3332, the PID of the sample itself, so the "Program crash" IoC records the sample crashing in the sandbox (consistent with the behavioral task reporting 0 signatures), not a crash in a third-party process.
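The process entries above are rendered flattened: image path, then the recorded command line, then a depth digit and an arrow, then any signature tag, then the PID. The script below is an added example (not part of the sandbox report) that parses that form back into a tree and correlates each WerFault.exe instance with the process it was invoked for, using WerFault's -p argument. The input is constructed from the three entries above.

```python
"""Rebuild the process tree from the report's flattened entries and
correlate the WerFault instances with the process they report on.

Added example; not part of the original sandbox report. The input below
is constructed from the three process entries above, in the flattened
form in which the report renders them (depth digit, then the arrow,
then any signature tag, then the PID).
"""
import re

# Constructed from the report's Processes section.
REPORT_PROCESSES = r"""
C:\Users\Admin\AppData\Local\Temp\00_300us.exe"C:\Users\Admin\AppData\Local\Temp\00_300us.exe"1⤵PID:3332
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 6442⤵Program crashPID:996
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 3332 -ip 33321⤵PID:1752
"""

ENTRY = re.compile(
    r"^(?P<image>[A-Za-z]:\\.*?\.exe)"  # image path, up to the first .exe
    r"(?P<cmdline>.*?)"                 # command line as the sandbox recorded it
    r"(?P<depth>\d)⤵"                   # nesting level in the tree
    r"(?P<tags>.*?)PID:(?P<pid>\d+)$"   # optional signature tag, then the PID
)

# WerFault's -p argument is the PID of the process being reported on.
# The mandatory space after "p" keeps "-pss" and "-ip" from matching.
TARGET_PID = re.compile(r"-p (\d+)")


def parse_process_tree(text: str) -> list:
    """Parse flattened entries into dicts with image, name, cmdline,
    depth, pid and tags. Raises on a line that does not fit the form."""
    procs = []
    for line in text.strip().splitlines():
        m = ENTRY.match(line.strip())
        if m is None:
            raise ValueError(f"unrecognised process entry: {line!r}")
        image = m["image"]
        tag = m["tags"].strip()
        procs.append({
            "image": image,
            "name": image.rsplit("\\", 1)[-1],
            "cmdline": m["cmdline"].strip(),
            "depth": int(m["depth"]),
            "pid": int(m["pid"]),
            "tags": [tag] if tag else [],
        })
    return procs


def crash_targets(procs: list) -> dict:
    """Map each PID that WerFault was invoked for to the WerFault PIDs
    referencing it and, where that PID is in the tree, its image name."""
    by_pid = {p["pid"]: p for p in procs}
    targets = {}
    for p in procs:
        if p["name"].lower() != "werfault.exe":
            continue
        m = TARGET_PID.search(p["cmdline"])
        if m is None:
            continue
        target = int(m.group(1))
        entry = targets.setdefault(target, {
            "name": by_pid[target]["name"] if target in by_pid else None,
            "werfault_pids": [],
        })
        entry["werfault_pids"].append(p["pid"])
    return targets


def main():
    procs = parse_process_tree(REPORT_PROCESSES)
    for p in procs:
        tag = f"  [{', '.join(p['tags'])}]" if p["tags"] else ""
        print(f"{'  ' * (p['depth'] - 1)}{p['name']} (PID {p['pid']}){tag}")
    for target, info in crash_targets(procs).items():
        print(f"WerFault PIDs {info['werfault_pids']} report on "
              f"PID {target} ({info['name']})")


if __name__ == "__main__":
    main()
```

The same correlation applies to live telemetry: a WerFault.exe whose -p argument names a PID you are already tracking tells you which process faulted, which is what separates "the sample crashed" from "the sample crashed something else".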