Windows
Analysis Report
#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe
Overview
General Information
Sample name: | #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe (renamed because original name is a hash value) |
Original sample name: | .docx.exe |
Analysis ID: | 1533050 |
MD5: | daf21b9d206ce16fc3bd087abd0c6389 |
SHA1: | 76c67b3413830e45b0a5d938fb7976d47da10579 |
SHA256: | a62c290374a53ae0e30ba18422ead75f2a271a4b58cd6204940112364246d7ac |
Infos: | |
Detection
HackBrowser
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Multi AV Scanner detection for submitted file
Sigma detected: Suspicious Double Extension File Execution
Yara detected HackBrowser
AI detected suspicious sample
Tries to harvest and steal browser information (history, passwords, etc)
Uses an obfuscated file name to hide its real file extension (double extension)
Uses known network protocols on non-standard ports
Detected TCP or UDP traffic on non-standard ports
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Sigma detected: Communication To Uncommon Destination Ports
Classification
- System is w10x64
- #U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe (PID: 5952 cmdline: "C:\Users\user\Desktop\#U8d77#U8bc9#U6750#U6599#U548c#U501f#U6b3e#U8bc1#U636e.docx.exe" MD5: DAF21B9D206CE16FC3BD087ABD0C6389)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
HackBrowserData | Browser information stealer, written in Go. | No Attribution | | |
⊘No configs have been found
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_HackBrowser | Yara detected HackBrowser | Joe Security | |
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
| JoeSecurity_HackBrowser | Yara detected HackBrowser | Joe Security | |
| JoeSecurity_HackBrowser | Yara detected HackBrowser | Joe Security | |
| JoeSecurity_HackBrowser | Yara detected HackBrowser | Joe Security | |
System Summary |
---|
Source: | Author: Florian Roth (Nextron Systems), @blu3_team (idea), Nasreddine Bencherchali (Nextron Systems) |
Source: | Author: Florian Roth (Nextron Systems) |
⊘No Suricata rule has matched
AV Detection |
---|
Source: | ReversingLabs: |
Source: | Virustotal: | Perma Link |
Source: | Integrated Neural Analysis Model: |
Source: | Static PE information: |
Networking |
---|
Source: | Network traffic detected: |
Source: | Network traffic detected: |
Source: | Network traffic detected: |
Source: | TCP traffic: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | TCP traffic detected without corresponding DNS query: |
Source: | HTTP traffic detected: |