Analysis
-
max time kernel
91s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20220721-en -
resource tags
arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system -
submitted
25-07-2022 07:25
Behavioral task
behavioral1
Sample
595142ac0ecaf32e5cd9a477f440bac99b52dcc6c2fa083424d5007fdf0caeec.exe
Resource
win7-20220718-en
windows7-x64
5 signatures
150 seconds
General
-
Target
595142ac0ecaf32e5cd9a477f440bac99b52dcc6c2fa083424d5007fdf0caeec.exe
-
Size
2.3MB
-
MD5
09e7df1b7af441df97311eb490cf6253
-
SHA1
71542eba588e5500118a46e6918f6b19f9e69b66
-
SHA256
595142ac0ecaf32e5cd9a477f440bac99b52dcc6c2fa083424d5007fdf0caeec
-
SHA512
3ffa81253d97ba5317385fbe635038f81ef6b7f50d17c5ab868efb194d0185cc8bc0e2a4ceb576705bc0c9a066df54f7c0ac18ea332f1aa93a51c60fa9d353aa
Malware Config
Signatures
-
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer
-
Processes:
resource yara_rule behavioral2/memory/4520-130-0x00007FF7C1180000-0x00007FF7C18DA000-memory.dmp upx behavioral2/memory/4520-131-0x00007FF7C1180000-0x00007FF7C18DA000-memory.dmp upx -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
GoLang User-Agent 1 IoCs
Uses default user-agent string defined by GoLang HTTP packages.
Processes:
description flow ioc HTTP User-Agent header 2 Go-http-client/1.1