Analysis
-
max time kernel
93s -
max time network
94s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
06-06-2024 18:16
Behavioral task
behavioral1
Sample
eda1749ecd5d30aebc623e3ed3679e33.exe
Resource
win7-20240419-en
General
-
Target
eda1749ecd5d30aebc623e3ed3679e33.exe
-
Size
149KB
-
MD5
eda1749ecd5d30aebc623e3ed3679e33
-
SHA1
36bac5bad466a15b4385bf1bc07e681682c277cd
-
SHA256
fbbc0e3624e3fbe0cedff57c1e63f17855adb1c6b9fb83db9aec86b34e537134
-
SHA512
d08fae35eb98f3d7c6a1dbff195510502d3c382cb2b59d8d1b46c44a5369924ac54bd1160808a28518bf121070b03c98471881f560e69f26df90be6b9b7320db
-
SSDEEP
3072:mF1w5ZnALHQ1h18DI1+u5hIBzl+J3fu3/Xd35qVpUnTiuPA9QPOFqGxB1/D:UqjnALHQ1h18DI1++kObVpUnTiuPA9Qm
Malware Config
Signatures
-
Detect Xehook Payload 1 IoCs
Processes:
resource yara_rule behavioral2/memory/1064-0-0x0000000000100000-0x000000000012C000-memory.dmp family_xehook -
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 5 ip-api.com -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
eda1749ecd5d30aebc623e3ed3679e33.exedescription pid process Token: SeDebugPrivilege 1064 eda1749ecd5d30aebc623e3ed3679e33.exe