General
- Target: SBA_DISA.EXE
- Size: 152KB
- Sample: 200402-2xn5k91z3n
- MD5: 43927d58e211d5a2d2670bf46b1d9884
- SHA1: 89dba75b13a506ee5042b5636c06555baf85050c
- SHA256: a6cc856405546af76f769ae3148e782571675af436ae9701c17d081266d6c835
- SHA512: 12982c56cf7b9864b60829336b4c33a1caee4061fccf434fa9809f71b3259c3823cb6786656d639bc0fabe0a683793df4a6ba34d9f35b47801688b3f28bb5521
Static task
- static1
Behavioral task
- behavioral1
  - Sample: SBA_DISA.EXE
  - Resource: win7v200217
Behavioral task
- behavioral2
  - Sample: SBA_DISA.EXE
  - Resource: win10v200217
Malware Config
Targets
- SBA_DISA.EXE (size and hashes as listed under General)
Score: 10/10
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext