General
-
Target
3ca6df4914385efd4ba9cd239b5ed254.exe
-
Size
4.5MB
-
Sample
201205-wygr8zgpvx
-
MD5
3ca6df4914385efd4ba9cd239b5ed254
-
SHA1
b66535ff43334177a5a167b9f2b07ade75484eec
-
SHA256
0acebaf80946be0cb3099233e8807aa775c8304fc3dee48d42241ff68b7ab318
-
SHA512
7951ab74ecd2ea26ed7bbcbc8bf34a770854a8fb009f256f93d72c705871b5a31c24153cc77581eec6544085cdbb51a170b2b7ef9f3f9139572b818d75424ca6
Static task
static1
Behavioral task
behavioral1
Sample
3ca6df4914385efd4ba9cd239b5ed254.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
3ca6df4914385efd4ba9cd239b5ed254.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
3ca6df4914385efd4ba9cd239b5ed254.exe
-
Size
4.5MB
-
MD5
3ca6df4914385efd4ba9cd239b5ed254
-
SHA1
b66535ff43334177a5a167b9f2b07ade75484eec
-
SHA256
0acebaf80946be0cb3099233e8807aa775c8304fc3dee48d42241ff68b7ab318
-
SHA512
7951ab74ecd2ea26ed7bbcbc8bf34a770854a8fb009f256f93d72c705871b5a31c24153cc77581eec6544085cdbb51a170b2b7ef9f3f9139572b818d75424ca6
Score8/10-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
JavaScript code in executable
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-