General
Target: b05e4d408f5731b0bb0c194570a3c86a31ce291ec70b54e1e76ecd5bc9bee3f7
Size: 135KB
Sample: 200816-2f4znz7jvn
MD5: 9667507db2ef67dd8aa974f747d11c48
SHA1: 74a869b20f433dc6d1df3cd5fff23db785c196c3
SHA256: b05e4d408f5731b0bb0c194570a3c86a31ce291ec70b54e1e76ecd5bc9bee3f7
SHA512: 4cf53dc70359078794173e0679761fd077401b8955cbf4d0b8c202b5e0d064e085dce56a558344813f682493409dd2fe3ae3c72b5359968a69400b70d6ac1379
Static task: static1

Behavioral task: behavioral1
Sample: b05e4d408f5731b0bb0c194570a3c86a31ce291ec70b54e1e76ecd5bc9bee3f7.exe
Resource: win7v200722

Behavioral task: behavioral2
Sample: b05e4d408f5731b0bb0c194570a3c86a31ce291ec70b54e1e76ecd5bc9bee3f7.exe
Resource: win10v200722
Malware Config

Targets
Target: b05e4d408f5731b0bb0c194570a3c86a31ce291ec70b54e1e76ecd5bc9bee3f7
Size: 135KB
MD5: 9667507db2ef67dd8aa974f747d11c48
SHA1: 74a869b20f433dc6d1df3cd5fff23db785c196c3
SHA256: b05e4d408f5731b0bb0c194570a3c86a31ce291ec70b54e1e76ecd5bc9bee3f7
SHA512: 4cf53dc70359078794173e0679761fd077401b8955cbf4d0b8c202b5e0d064e085dce56a558344813f682493409dd2fe3ae3c72b5359968a69400b70d6ac1379
Score: 8/10

Signatures
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
- Adds Run key to start application
- Suspicious use of SetThreadContext