Analysis
max time kernel: 171s
max time network: 195s
platform: windows10-2004_x64
resource: win10v2004-20220414-en
submitted: 03-06-2022 01:22
Static task: static1
Behavioral task: behavioral1
Sample
144f8c182177eead9b05dac7efdeda5fb423b1bb0e7ec211bb8623d072929c05.exe
Resource
win7-20220414-en
windows7_x64
0 signatures
0 seconds
General
Target: 144f8c182177eead9b05dac7efdeda5fb423b1bb0e7ec211bb8623d072929c05.exe
Size: 321KB
MD5: eb633b7b53815cbe4c12d061063e76ce
SHA1: d13b6282807fa2518c483029b9b981a51627e3cc
SHA256: 144f8c182177eead9b05dac7efdeda5fb423b1bb0e7ec211bb8623d072929c05
SHA512: 64cec8e01d66752947a5ecdcde8091a9401d280c0a30a1cb18ef8608cd19a6db67d3fca793e568a68f23bbc5485a6aafa8028608f7e509d51857055d50aacfdf
Malware Config
Signatures
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Suspicious use of NtSetInformationThreadHideFromDebugger (2 IoCs)
Processes: 144f8c182177eead9b05dac7efdeda5fb423b1bb0e7ec211bb8623d072929c05.exe
pid process
3292 144f8c182177eead9b05dac7efdeda5fb423b1bb0e7ec211bb8623d072929c05.exe
3292 144f8c182177eead9b05dac7efdeda5fb423b1bb0e7ec211bb8623d072929c05.exe