Analysis
-
max time kernel
55s -
max time network
52s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
26-04-2024 13:02
Behavioral task
behavioral1
Sample
Insidious.exe
Resource
win7-20240419-en
General
-
Target
Insidious.exe
-
Size
303KB
-
MD5
0806acefdfc7d5602fb29b696edb0c64
-
SHA1
ff456af5fecb477cc00fffbaa4c206d18a62ee6a
-
SHA256
beecfc72917651d131028b60ab9a5dfb0b8e5e4ec60248321637048e06c524b7
-
SHA512
aa9bf80089dd565e2a4fa0af41f42c033c8093f83e52020b6c86c4cafeb49b627d712de89625adfbbc537d60f8fa0525b3c02164f4e34900c64ca3fd4fee134e
-
SSDEEP
6144:sdFT6MDdbICydeBvRaifWp93duW6jmA1D00Yp:sdzJaifWz3BY1D8p
Malware Config
Extracted
44caliber
https://discord.com/api/webhooks/1233119648527159317/Az86qBZQwyED_alc1sGO6UWR18PzIJCJX0PM3XdL1VTOwZPXr0B4Rc6-GqAkKUjg4Jn2
Signatures
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 1 freegeoip.app -
Suspicious behavior: EnumeratesProcesses 3 IoCs
Processes:
Insidious.exepid Process 2544 Insidious.exe 2544 Insidious.exe 2544 Insidious.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
Insidious.exedescription pid Process Token: SeDebugPrivilege 2544 Insidious.exe