General

- Target: Preform Invoice.exe
- Size: 390KB
- Sample: 200630-d3mm6c5exx
- MD5: fac2cb9080743d1c1201d307dadc66a7
- SHA1: 58445be625af49f21df9502d4f7f27d1bf43c083
- SHA256: 6d8990f56f9413f16f2dbe490367d7585b5e6165982e6929a8fd71fc60cffefd
- SHA512: 44b3a0350c78f71b1272e9a51f33c5a8275bff18ce079b8b41250bdcfb3ae8db9fc59037058999b556156cdb791f853907371fac0d74f66004100f7a169b74ca
Tasks

- Static task: static1
- Behavioral task: behavioral1 (Sample: Preform Invoice.exe, Resource: win7)
- Behavioral task: behavioral2 (Sample: Preform Invoice.exe, Resource: win10v200430)
Malware Config
Targets
- Target: Preform Invoice.exe (390KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
- Score: 7/10
Signatures

- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla. FileZilla keeps saved sites and their credentials in XML files under the user's profile (sitemanager.xml, recentservers.xml), which is why infostealers read them.
- Reads user/profile data of local email clients
  Email clients store profile data and saved account credentials on disk, and infostealers commonly target those files.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.
- Suspicious use of SetThreadContext
  The report gives no further detail for this signature. Calling SetThreadContext on a thread of another process is a common building block of process hollowing and RunPE-style injection, where a suspended child's entry point is redirected to injected code; on its own it is a heuristic indicator, not proof of injection.
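The three file-access signatures above are the kind of thing an analyst reproduces over a raw file-access trace rather than trusting a sandbox label. The following is an added example, not part of the original report or of any sandbox's own code: a small classifier that maps accessed paths to the FTP-client, email-client and browser data classes the signatures describe, groups hits per process, and flags processes that touch more than one class. The path patterns and the event tuples are constructed for illustration; the trace format `(pid, image, operation, path)` is an assumption, and the patterns cover only a few well-known locations.

```python
import re
from collections import defaultdict

# Hypothetical path patterns (regex, matched case-insensitively against a
# backslash-normalised Windows path) for the data classes the report's
# signatures describe. Illustrative, not exhaustive.
TARGET_PATTERNS = {
    "ftp_client_data": [
        r"\\filezilla\\(sitemanager|recentservers|filezilla)\.xml$",
        r"\\winscp\.ini$",
    ],
    "email_client_data": [
        r"\\thunderbird\\profiles\.ini$",
        r"\\thunderbird\\profiles\\[^\\]+\\(logins\.json|key4\.db)$",
        r"\\microsoft\\outlook\\[^\\]+\.(pst|ost)$",
    ],
    "browser_data": [
        r"\\(google\\chrome|microsoft\\edge)\\user data\\[^\\]+\\(login data|cookies|web data)$",
        r"\\mozilla\\firefox\\profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$",
    ],
}

_COMPILED = {
    category: [re.compile(p, re.IGNORECASE) for p in patterns]
    for category, patterns in TARGET_PATTERNS.items()
}


def classify_path(path: str):
    """Return the data class a file path belongs to, or None if it is not a known target."""
    norm = path.replace("/", "\\")
    for category, regexes in _COMPILED.items():
        if any(r.search(norm) for r in regexes):
            return category
    return None


def summarize(events):
    """Group matching read/open events by (pid, image) and data class.

    events: iterable of (pid, image, operation, path) tuples, as one might
    export from a sandbox or Sysmon file-access trace (assumed format).
    Returns {(pid, image): {category: sorted list of paths}}.
    Only opens and reads count; writes are ignored because a legitimate
    client writing its own config is not a stealer behaviour.
    """
    hits = defaultdict(lambda: defaultdict(set))
    for pid, image, op, path in events:
        if op.lower() not in ("createfile", "readfile", "queryopen"):
            continue
        category = classify_path(path)
        if category:
            hits[(pid, image)][category].add(path)
    return {k: {c: sorted(v) for c, v in cats.items()} for k, cats in hits.items()}


def flag_stealer(summary, min_categories=2):
    """Processes that touched at least `min_categories` distinct data classes.

    A single browser reading its own cookie store is normal; one process
    sweeping FTP, mail and browser stores in one run is the stealer pattern.
    """
    return sorted(k for k, cats in summary.items() if len(cats) >= min_categories)


# Constructed sample trace, not data from the report. The image name reuses the
# sample's filename only to show how the report's signatures would be derived.
SAMPLE_EVENTS = [
    (2140, "Preform Invoice.exe", "CreateFile", r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"),
    (2140, "Preform Invoice.exe", "CreateFile", r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"),
    (2140, "Preform Invoice.exe", "ReadFile", r"C:\Users\victim\AppData\Roaming\Thunderbird\profiles.ini"),
    (2140, "Preform Invoice.exe", "CreateFile", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (2140, "Preform Invoice.exe", "CreateFile", r"C:\Windows\System32\kernel32.dll"),
    (880, "explorer.exe", "CreateFile", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Cookies"),
    (880, "explorer.exe", "WriteFile", r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"),
]

if __name__ == "__main__":
    summary = summarize(SAMPLE_EVENTS)
    for proc, cats in summary.items():
        print(proc)
        for category, paths in cats.items():
            print(f"  {category}: {len(paths)} file(s)")
    print("flagged:", flag_stealer(summary))
```

Run against a real trace, the threshold in `flag_stealer` is the knob that separates a browser touching its own profile from a process sweeping every credential store on the box; the sandbox score of 7/10 above reflects exactly that kind of multi-class access.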