Resubmissions
28/03/2023, 20:45
230328-zj5j8adc69 7Analysis
-
max time kernel
140s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
28/03/2023, 20:45
Static task
static1
Behavioral task
behavioral1
Sample
real.exe
Resource
win7-20230220-en
4 signatures
150 seconds
General
-
Target
real.exe
-
Size
10.2MB
-
MD5
5db31270f13ff653da149f7711ca0e28
-
SHA1
a5548175212887c0c063e085870c45f2b5bfa31e
-
SHA256
8a14f77aacbfaa100c9edc4e1fd055e1ab48a64dd49839ab5e84a3b3b5bff78e
-
SHA512
e117cdcd42e7f7192fda9a36826f61b75ccb44d464fe8bb2c283692d63310074927fee320cedcfcd746c078d28714074a923b030deb414d68d824e0735c06e43
-
SSDEEP
49152:b/m+QJEBLOHAkThmIqD2xx/qldoJ6fhtJk5IDm2V4QNhAejRmf4ljRmz4gl4EyKj:VO3r9M4QE4w4gYoAUo46Tb7sSl
Malware Config
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Program crash 1 IoCs
pid pid_target Process procid_target 268 848 WerFault.exe 26 -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 848 wrote to memory of 268 848 real.exe 28 PID 848 wrote to memory of 268 848 real.exe 28 PID 848 wrote to memory of 268 848 real.exe 28