General
Target: Payment Slip_GS2004011507 & GS2005014760_pdf.exe
Size: 304KB
Sample: 200630-nl4g8kgp7e
MD5: 724b0343f5f55aab914f610c1164cdcd
SHA1: b451c5667a1491a99e7c54e549fa89049beba10f
SHA256: 8f4bb4bd0cff9da6a0aee3e0204732840f045fab3ae23020385646fc47aae9f4
SHA512: 3e8898305f745fcf12735af7be23e780474377e6e16c1b401e783439ce1ecd10602da2f5eae8672d9d9ebe0d66215eeebe8eb46e1103fc6771d936c18ae81e47
Static task: static1
Behavioral task: behavioral1
Sample: Payment Slip_GS2004011507 & GS2005014760_pdf.exe
Resource: win7
Behavioral task: behavioral2
Sample: Payment Slip_GS2004011507 & GS2005014760_pdf.exe
Resource: win10v200430
Malware Config
Targets
- Adds Run entry to policy start application
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Suspicious use of SetThreadContext