General
-
Target
Purchase Invoice 07072020.exe
-
Size
557KB
-
Sample
200707-bstyktc68n
-
MD5
9bc9fdc6a7fc7dc12b34957123bad0d4
-
SHA1
107fc563c3dacf97f33748d755d240eb6a438d9f
-
SHA256
65a226dbf2cb9d30ad397117199260d3b8989e99c01de03a0d4f8eb0622794fc
-
SHA512
94ce7aeaaf726d5850ffd95c010e06e4ff715ecfdd5285b5a53127f4afdb4085231819c67c57c76b810776430b96b5c32c6d5b73b59f766c3d2736f33bbc7783
Malware Config
Targets
-
-
Target
Purchase Invoice 07072020.exe
-
Size
557KB
-
MD5
9bc9fdc6a7fc7dc12b34957123bad0d4
-
SHA1
107fc563c3dacf97f33748d755d240eb6a438d9f
-
SHA256
65a226dbf2cb9d30ad397117199260d3b8989e99c01de03a0d4f8eb0622794fc
-
SHA512
94ce7aeaaf726d5850ffd95c010e06e4ff715ecfdd5285b5a53127f4afdb4085231819c67c57c76b810776430b96b5c32c6d5b73b59f766c3d2736f33bbc7783
Score8/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-