Analysis
- max time kernel: 59s
- max time network: 62s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 19-05-2023 08:32
Behavioral task: behavioral1
- Sample: SecuriteInfo.com.Trojan.GenericKD.67105603.26974.308.exe
- Resource: win7-20230220-en
General
- Target: SecuriteInfo.com.Trojan.GenericKD.67105603.26974.308.exe
- Size: 316KB
- MD5: cd4121ea74cbd684bdf3a08c0aaf54a4
- SHA1: ee87db3dd134332b815d17d717b1ed36939dfa35
- SHA256: 4ebe4e62066ac10efc23e7b63e421cc153b426e036309dbf99e4a4aa97122782
- SHA512: af2b1ee11be992295a932fb6bf6221a077c33823367e5f26aa7b4f9bdd573482a67b2dab90cc778096cd57bf5892adc0678d23fe73de39c29f9377b1835ca100
- SSDEEP: 6144:oIh0zAu3vOiefUQH3PDKcL90ICtZRIfNJcqTJt2e83Kvixc9Ai2kNND80:o+0cu3vOiX0qIsZRIfjcqdt2e83KSC5N
Malware Config
Signatures
- Reads user/profile data of local email clients (2 TTPs)
  Email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers (2 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)
- Checks installed software on the system (1 TTPs)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
  Processes:
    pid 1448: SecuriteInfo.com.Trojan.GenericKD.67105603.26974.308.exe
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes:
    pid 1448: SecuriteInfo.com.Trojan.GenericKD.67105603.26974.308.exe (description: Token: SeLoadDriverPrivilege)