General
Target: uncategorized_9.0.0.2.vir
Size: 224KB
Sample: 200719-w9rxrn1sye
MD5: 3706da30e1fc51212ae95aff2fae57ad
SHA1: 72029dca348d3fa4faa43d9999fa1b744bb559cd
SHA256: 19d32c1fc7c6fa9a5924aeb6ce69d8e5211c3e458eb51178171e0c75f129c48a
SHA512: 0d8ae837a6e0a0f9ad582fb94b5a997d30066194f8428e77bdfa2cbe2669dbaa3784752ea41e354c9806bde1792392d930c0d365522f4f0cc762595e00b16897
Static task: static1
Behavioral task: behavioral1
  Sample: uncategorized_9.0.0.2.vir.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: uncategorized_9.0.0.2.vir.exe
  Resource: win10v200430
Malware Config
Targets
Target: uncategorized_9.0.0.2.vir
Score: 8/10
Signatures:
  Executes dropped EXE
  Modifies WinLogon to allow AutoLogon
    Enables rebooting of the machine without requiring login credentials.
  Deletes itself
  Loads dropped DLL
  Reads user/profile data of web browsers
    Infostealers often target stored browser data, which can include saved credentials etc.
  Adds Run key to start application
  Suspicious use of SetThreadContext