General
Target: c1e6c2059e61bc54c31696c04fca0b366fdd9d0ac84d7db2ad545ddf2b4b18f0
Size: 1.4MB
Sample: 200630-xctyx6ld82
MD5: 0135c1b313921dc0ecdd607f08b2f5fd
SHA1: 1430a4d71665a27bd8e4937cc0f7cef6f4ad3a9a
SHA256: c1e6c2059e61bc54c31696c04fca0b366fdd9d0ac84d7db2ad545ddf2b4b18f0
SHA512: 0677a7f69c7fc070b7c8123ea4c64f68ccc26e6a2b7bf9e05ae939d062bce936dbef654f3b03644bda7e5611b56f7813152d973f32cccab8c1ec11c5e9a639cc
Static task: static1
Behavioral task: behavioral1
Sample: c1e6c2059e61bc54c31696c04fca0b366fdd9d0ac84d7db2ad545ddf2b4b18f0.exe
Resource: win7
Malware Config
Targets
Target: c1e6c2059e61bc54c31696c04fca0b366fdd9d0ac84d7db2ad545ddf2b4b18f0
Size: 1.4MB
MD5: 0135c1b313921dc0ecdd607f08b2f5fd
SHA1: 1430a4d71665a27bd8e4937cc0f7cef6f4ad3a9a
SHA256: c1e6c2059e61bc54c31696c04fca0b366fdd9d0ac84d7db2ad545ddf2b4b18f0
SHA512: 0677a7f69c7fc070b7c8123ea4c64f68ccc26e6a2b7bf9e05ae939d062bce936dbef654f3b03644bda7e5611b56f7813152d973f32cccab8c1ec11c5e9a639cc
Score: 7/10
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Accesses cryptocurrency wallets, possible credential harvesting
- Checks for installed software on the system
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Modifies service
- Suspicious use of SetThreadContext