Extracted

• • Target

    svchost.exe

  • Size

    2.2MB

  • MD5

    f03dfb589547f36347100634d84b13eb

  • SHA1

    962791267c7ef9d478d67bddceab8a8132f0e44a

  • SHA256

    3bed0b372700d3421c5833e16585b22f7396d5552fd2ce166ade3f4c4236492b

  • SHA512

    fc47e9fd101e54b65ce1211efa3e48d08f2453fd5a506ab1f3587d2b4da802e243d8855f486eedf71ff3ca719da63244fe94a4896fd6002d5a587fec479cd1c1

  • SSDEEP

    24576:OOfsfKozBKHAhRh3KzPSA7R7Bt28SVSVlzyQOQZ9IEb68vL4R+2pYJeCYMXABtM:PBozBdhEV7q8bOQnIFWY+3Je0w0

  Score

  7^/10

  discoveryspywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2