General
-
Target
svchosts.exe
-
Size
20.8MB
-
Sample
240726-1v63vszhpe
-
MD5
9ef002377d4522601bcd1e2fbca90096
-
SHA1
6ad5827c75301a3f59717924d812c60e73b723ea
-
SHA256
5dcf092279becaf7a4824d1ab5105c242fe86a1d673965a90646c4251c7664dd
-
SHA512
420f4becab6023de1cdbb1929567ff0d939a9bea24dc4582770bf1d828fe0641408ef02618e9fe919961bd19da13b5f457d9c005cdad2825c3395129f8f02c2a
-
SSDEEP
393216:KnV9TOQG4ItSkw+0/pWOY4RaSHkBYe2WcPpi+59iHm:g9TOQJ23w+0/pWHSMwjhfiG
Malware Config
Targets
-
-
Target
svchosts.exe
-
Size
20.8MB
-
MD5
9ef002377d4522601bcd1e2fbca90096
-
SHA1
6ad5827c75301a3f59717924d812c60e73b723ea
-
SHA256
5dcf092279becaf7a4824d1ab5105c242fe86a1d673965a90646c4251c7664dd
-
SHA512
420f4becab6023de1cdbb1929567ff0d939a9bea24dc4582770bf1d828fe0641408ef02618e9fe919961bd19da13b5f457d9c005cdad2825c3395129f8f02c2a
-
SSDEEP
393216:KnV9TOQG4ItSkw+0/pWOY4RaSHkBYe2WcPpi+59iHm:g9TOQJ23w+0/pWHSMwjhfiG
Score9/10-
Credentials from Password Stores: Credentials from Web Browsers
Malicious Access or copy of Web Browser Credential store.
-
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Command and Scripting Interpreter: PowerShell
Using powershell.exe command.
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-