Analysis
max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20240508-en
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system
submitted
04-07-2024 04:13
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240508-en
3 signatures
150 seconds
General
Target
file.exe
Size
2.4MB
MD5
f19adb4ea42ab4e1cfe99d50a00956e3
SHA1
5da5eb1c673010c0b9999c4943999696ecbcdc9d
SHA256
9023777f5529c209b55ac61d14e2a7f978491d14df51268b49d947010f46376d
SHA512
6583ef56e91d3fb02d75d5cdf1cfd47d543edbefd5c311f1e6ddfb800c943a4504ab0f747829a75dd98a2c8831e010504f1104d115359a3a8848b1645c57ad41
SSDEEP
49152:qPiKGXBUQl7x+fss5ceOAlBqEO110m5GTsDM4nk2OMFCAsB5uE6WxBHnwB8z:qsz3ns6eDBqEO7R+IDk2OMF/8uZghwM
Malware Config
Extracted
Family
stealc
Botnet
jony
C2
http://85.28.47.4
Attributes
url_path
/920475a59bac849d.php
Signatures
Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
Processes:
file.exe
pid Process
1640 file.exe (listed 16 times)
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
file.exe
pid Process
1640 file.exe