General
Target: 02-04.zip
Size: 30KB
Sample: 200402-jayshry6wa
MD5: ff1bbb6905fb9a6f46d71d5687927d9e
SHA1: 027ee92d6e76de61914ce393df46b2d2460f17e2
SHA256: 79b485007f44b4d768cfa76af093ba16751d986fbd4053b8328a7dd119198e96
SHA512: fbb2ab27c67b34d7f8e88e2db4b415e08f6a2e4a03a8a62f04aaf76f91b5a41433aba94d2fa191ba9fbca58ac3d748479ed224f2754611c2520fca530635317e
Static task: static1
Behavioral task: behavioral1 (sample blank.ps1, resource win7v200217)
Behavioral task: behavioral2 (sample blank.ps1, resource win10v200217)
Malware Config
Targets
Target: blank.ps1
Size: 26B
MD5: ef623f762ecb5a3d8f2a21b6f36fe827
SHA1: 422c8588283d250dc49141a18f9c9079fa62ecf0
SHA256: 95a0316c3a89e5fb1824447591dfa1c9fa08ea2a06567fb63e923d73838a0596
SHA512: b11b6510c73f126d4dcb10281111eeb0ab328a713fa5c183230f679cfbeaf41af27b658b734c3334a9cef94667d8d478d41ce54112483a99f332f2f85286b1db
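Before pivoting on the hashes in this report, confirm that the local copy of the archive and of the extracted blank.ps1 actually hashes to the values listed above. The following is an added example, not code from the report or from the sandbox vendor; the report values are copied from the page, the function names are assumed for illustration, and the empty-input test bytes are constructed. It streams a file through all four algorithms in a single pass, so large samples are not read four times.

```python
"""Verify that local artifacts match the hashes listed in the sandbox report.

Added example, not part of the original report page. REPORTED holds the
values copied from the page; helper names are assumptions for illustration.
"""
import hashlib
from pathlib import Path

# Hashes as listed in the report for the archive and for the inner script.
REPORTED = {
    "02-04.zip": {
        "md5": "ff1bbb6905fb9a6f46d71d5687927d9e",
        "sha1": "027ee92d6e76de61914ce393df46b2d2460f17e2",
        "sha256": "79b485007f44b4d768cfa76af093ba16751d986fbd4053b8328a7dd119198e96",
        "sha512": "fbb2ab27c67b34d7f8e88e2db4b415e08f6a2e4a03a8a62f04aaf76f91b5a41433aba94d2fa191ba9fbca58ac3d748479ed224f2754611c2520fca530635317e",
    },
    "blank.ps1": {
        "md5": "ef623f762ecb5a3d8f2a21b6f36fe827",
        "sha1": "422c8588283d250dc49141a18f9c9079fa62ecf0",
        "sha256": "95a0316c3a89e5fb1824447591dfa1c9fa08ea2a06567fb63e923d73838a0596",
        "sha512": "b11b6510c73f126d4dcb10281111eeb0ab328a713fa5c183230f679cfbeaf41af27b658b734c3334a9cef94667d8d478d41ce54112483a99f332f2f85286b1db",
    },
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> dict:
    """Return all four digests of an in-memory artifact, hex-encoded."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGOS}


def digest_file(path: Path, chunk: int = 1 << 20) -> dict:
    """Stream a file through all four hashes at once (one read pass per file)."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare(actual: dict, expected: dict) -> list:
    """List the algorithms whose digest differs from the report (empty = full match).

    Comparison is case-insensitive because report pages and tools differ in
    hex casing. A single mismatching algorithm is enough to distrust the
    mapping between the local file and this report.
    """
    return [name for name in ALGOS
            if actual[name].lower() != expected[name].lower()]


def verify(path: Path, target: str) -> list:
    """Hash a local file and return the mismatching algorithms against REPORTED[target]."""
    return compare(digest_file(path), REPORTED[target])


if __name__ == "__main__":
    import sys
    # Usage: python verify_hashes.py 02-04.zip blank.ps1
    for arg in sys.argv[1:]:
        p = Path(arg)
        bad = verify(p, p.name)
        print(f"{p.name}: {'OK' if not bad else 'MISMATCH on ' + ', '.join(bad)}")
```

Run it against the archive and, after extraction, against blank.ps1; any non-empty mismatch list means the file on disk is not the one the report describes and the behavioural findings below should not be attributed to it.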
Score: 10/10
Signatures
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Info-stealers commonly harvest stored browser profile data, which can include saved credentials and cookies.
- Adds Run key to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
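The "Adds Run key to start application" signature corresponds to a registry value written under one of the Run/RunOnce autostart keys, which is also the artifact to hunt for on endpoints. The following added example (not the sandbox's own detection logic) runs that check over a few constructed Sysmon-style Event ID 13 (RegistryEvent, Value Set) records. The field names follow Sysmon's RegistryEvent layout, the event records are made up for illustration, and the function names are assumptions.

```python
"""Flag registry writes that establish Run-key persistence.

Added example, not part of the report page. The records in SAMPLE_EVENTS are
constructed to resemble Sysmon Event ID 13 fields (EventID, Image,
TargetObject, Details); they are not real telemetry.
"""
import re

# Autostart locations under both hives. Sysmon renders HKCU\... as HKU\<SID>\...,
# so match on the Software\... tail rather than on the hive name.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\"
    r"(?:Run|RunOnce|RunOnceEx|RunServices|RunServicesOnce)\\",
    re.IGNORECASE,
)

# Script hosts and LOLBins a dropped script typically hides behind in the Run value.
SUSPICIOUS_HOST_RE = re.compile(
    r"(?:powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32|cmd)(?:\.exe)?\b",
    re.IGNORECASE,
)


def is_run_key_write(event: dict) -> bool:
    """True when a value-set event lands under a Run/RunOnce key."""
    return event.get("EventID") == 13 and bool(RUN_KEY_RE.search(event.get("TargetObject", "")))


def classify(event: dict) -> str:
    """Return 'persist-high', 'persist' or 'ignore' for one registry event.

    'persist-high' marks Run values whose command launches a script host or
    LOLBin, the shape a dropped .ps1 produces; any other Run write is still
    reported, since legitimate installers also use these keys.
    """
    if not is_run_key_write(event):
        return "ignore"
    return "persist-high" if SUSPICIOUS_HOST_RE.search(event.get("Details", "")) else "persist"


def triage(events: list) -> list:
    """Return (image, target, verdict) for every event worth a look."""
    hits = []
    for ev in events:
        verdict = classify(ev)
        if verdict != "ignore":
            hits.append((ev.get("Image", "?"), ev.get("TargetObject", "?"), verdict))
    return hits


# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {   # Run value pointing at PowerShell with a hidden window: high interest.
        "EventID": 13, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
        "Details": r"powershell.exe -w hidden -ep bypass -f C:\Users\Public\blank.ps1",
    },
    {   # Run value set by an installer to a plain EXE: report, lower priority.
        "EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorTray",
        "Details": r"C:\Program Files\Vendor\tray.exe",
    },
    {   # Unrelated registry write under CurrentVersion: ignored.
        "EventID": 13, "Image": r"C:\Windows\explorer.exe",
        "TargetObject": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
        "Details": "DWORD (0x00000001)",
    },
    {   # Key creation (Event ID 12) rather than a value set: not enough on its own.
        "EventID": 12, "Image": r"C:\Windows\regedit.exe",
        "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    },
]


if __name__ == "__main__":
    for image, target, verdict in triage(SAMPLE_EVENTS):
        print(f"[{verdict}] {image} -> {target}")
```

Matching on the key tail rather than the hive keeps HKCU writes visible even though Sysmon logs them under the user's SID, and splitting the verdict by the launched command lets an analyst separate the interpreter-backed entries this sample's behaviour would produce from routine installer entries.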