Analysis
-
max time kernel
118s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
24/09/2024, 18:59
Static task
static1
Behavioral task
behavioral1
Sample
eb97052899bb8e9d32865a2b3269122252942286618387278279d792b13dfd72.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
eb97052899bb8e9d32865a2b3269122252942286618387278279d792b13dfd72.exe
Resource
win10v2004-20240802-en
General
-
Target
eb97052899bb8e9d32865a2b3269122252942286618387278279d792b13dfd72.exe
-
Size
8.5MB
-
MD5
8d53eb752c4c26795c3cc334c9a64611
-
SHA1
f1a3d4a4a1110d616ad82bdb64d98b011adc00c7
-
SHA256
eb97052899bb8e9d32865a2b3269122252942286618387278279d792b13dfd72
-
SHA512
f501f8eee32ec863aa061be6fe07e382e38adeaa20b110792310f457af4591dec289145a7f10b6aa5023d5143e773312c5c5a4c078286d8604feb689db288e99
-
SSDEEP
196608:qa+ZIGwdfbWgPfZ0nwsiBOCaepkvxEcBqc2xHFJLc04ylx40tk:mZIGwdfjhTsigHvxE9c2xH/crylx402
Malware Config
Signatures
-
An open source browser data exporter written in golang. 6 IoCs
resource yara_rule behavioral1/memory/572-6-0x0000000000B20000-0x000000000284E000-memory.dmp family_hackbrowserdata behavioral1/memory/572-2-0x0000000000B20000-0x000000000284E000-memory.dmp family_hackbrowserdata behavioral1/memory/572-3-0x0000000000B20000-0x000000000284E000-memory.dmp family_hackbrowserdata behavioral1/memory/572-9-0x0000000000B20000-0x000000000284E000-memory.dmp family_hackbrowserdata behavioral1/memory/572-4-0x0000000000B20000-0x000000000284E000-memory.dmp family_hackbrowserdata behavioral1/memory/572-5-0x0000000000B20000-0x000000000284E000-memory.dmp family_hackbrowserdata -
HackBrowserData
An open source golang web browser extractor.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
pid Process 572 eb97052899bb8e9d32865a2b3269122252942286618387278279d792b13dfd72.exe 572 eb97052899bb8e9d32865a2b3269122252942286618387278279d792b13dfd72.exe