General
- Target: 2870f899f2e9ec540da321f603cfb1a735dcd06df016718e663dc78fefdf5e0a
- Size: 4.8MB
- Sample: 210129-g9pf63ytls
- MD5: f7d7c89f3f5cbc925480b46b7b934157
- SHA1: 73e389b70cf3d8975ccbaf7d04f4c45cc80be860
- SHA256: 2870f899f2e9ec540da321f603cfb1a735dcd06df016718e663dc78fefdf5e0a
- SHA512: 9b972e2954c18f706a6f8012a6b76e1f4ce8e76466eae919b55a6225c4f8574586d9f11838d8d63bdd245b11cfd3e581248e9a578f72ff2dd8b6623bebc525eb
Static task: static1
Behavioral task: behavioral1
- Sample: 2870f899f2e9ec540da321f603cfb1a735dcd06df016718e663dc78fefdf5e0a.exe
- Resource: win7v20201028
Malware Config
Targets
- Target: 2870f899f2e9ec540da321f603cfb1a735dcd06df016718e663dc78fefdf5e0a
- Nirsoft
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- JavaScript code in executable
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext