General
-
Target
uncategorized_0.5.4.3.vir
-
Size
139KB
-
Sample
200719-2rs4ykg66n
-
MD5
4645ee774d4191213ba90469f765b200
-
SHA1
b3510f9c344145c10c10117f56e30ebd534b425e
-
SHA256
a45341621c1e3e058096ae5b6829202aadb5bfd4b06dfa4a9e66249d2db500c9
-
SHA512
affb42ce81b55a7744f325b32c8c8c733fa2446e5debcb63a429ddd5290ca73f108744a00a555b8dc714ec1a3b659e372581390e9978b9b4f6382c49ff309fef
Static task
static1
Behavioral task
behavioral1
Sample
uncategorized_0.5.4.3.vir.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
uncategorized_0.5.4.3.vir.exe
Resource
win10
Malware Config
Targets
-
Target
uncategorized_0.5.4.3.vir
-
Score
8/10
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-