Analysis
-
max time kernel
134s -
max time network
103s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
07-06-2024 03:14
Behavioral task
behavioral1
Sample
fbbc0e3624e3fbe0cedff57c1e63f17855adb1c6b9fb83db9aec86b34e537134.exe
Resource
win7-20231129-en
General
-
Target
fbbc0e3624e3fbe0cedff57c1e63f17855adb1c6b9fb83db9aec86b34e537134.exe
-
Size
149KB
-
MD5
eda1749ecd5d30aebc623e3ed3679e33
-
SHA1
36bac5bad466a15b4385bf1bc07e681682c277cd
-
SHA256
fbbc0e3624e3fbe0cedff57c1e63f17855adb1c6b9fb83db9aec86b34e537134
-
SHA512
d08fae35eb98f3d7c6a1dbff195510502d3c382cb2b59d8d1b46c44a5369924ac54bd1160808a28518bf121070b03c98471881f560e69f26df90be6b9b7320db
-
SSDEEP
3072:mF1w5ZnALHQ1h18DI1+u5hIBzl+J3fu3/Xd35qVpUnTiuPA9QPOFqGxB1/D:UqjnALHQ1h18DI1++kObVpUnTiuPA9Qm
Malware Config
Signatures
-
Detect Xehook Payload 1 IoCs
Processes:
resource yara_rule behavioral2/memory/3088-0-0x0000000000F50000-0x0000000000F7C000-memory.dmp family_xehook -
Detects executables packed with ConfuserEx Mod 1 IoCs
Processes:
resource yara_rule behavioral2/memory/3088-0-0x0000000000F50000-0x0000000000F7C000-memory.dmp INDICATOR_EXE_Packed_ConfuserEx -
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 10 ip-api.com -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
fbbc0e3624e3fbe0cedff57c1e63f17855adb1c6b9fb83db9aec86b34e537134.exedescription pid Process Token: SeDebugPrivilege 3088 fbbc0e3624e3fbe0cedff57c1e63f17855adb1c6b9fb83db9aec86b34e537134.exe