Analysis
-
max time kernel
43s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220718-en -
resource tags
arch:x64arch:x86image:win7-20220718-enlocale:en-usos:windows7-x64system -
submitted
25-07-2022 07:25
Behavioral task
behavioral1
Sample
595142ac0ecaf32e5cd9a477f440bac99b52dcc6c2fa083424d5007fdf0caeec.exe
Resource
win7-20220718-en
windows7-x64
5 signatures
150 seconds
General
-
Target
595142ac0ecaf32e5cd9a477f440bac99b52dcc6c2fa083424d5007fdf0caeec.exe
-
Size
2.3MB
-
MD5
09e7df1b7af441df97311eb490cf6253
-
SHA1
71542eba588e5500118a46e6918f6b19f9e69b66
-
SHA256
595142ac0ecaf32e5cd9a477f440bac99b52dcc6c2fa083424d5007fdf0caeec
-
SHA512
3ffa81253d97ba5317385fbe635038f81ef6b7f50d17c5ab868efb194d0185cc8bc0e2a4ceb576705bc0c9a066df54f7c0ac18ea332f1aa93a51c60fa9d353aa
Malware Config
Signatures
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
Processes:
resource yara_rule behavioral1/memory/1744-54-0x000000013F280000-0x000000013F9DA000-memory.dmp upx behavioral1/memory/1744-55-0x000000013F280000-0x000000013F9DA000-memory.dmp upx -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
GoLang User-Agent 1 IoCs
Uses default user-agent string defined by GoLang HTTP packages.
Processes:
description flow ioc HTTP User-Agent header 2 Go-http-client/1.1