General
-
Target
New Order & Product Specifications.exe
-
Size
515KB
-
Sample
200708-23c2s2dtaj
-
MD5
18a279d1c9a0dce2b813171d199c56d7
-
SHA1
b4357015e6f444389310f5afa0d2f9eb2fcc73e5
-
SHA256
263cc7d71099d7f9461b9fbd7fef381bab1b78bf0ecf30b51c27251f56f247f7
-
SHA512
fdcb4ee084edd6013b0eb484b9c8fe5e6c273002f00f6273e2717f7cb2f6bdd729e935e2d21efa29a29034498512503ac4988eaea8ec4970812a6997bc52daca
Static task
static1
Behavioral task
behavioral1
Sample
New Order & Product Specifications.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
New Order & Product Specifications.exe
Resource
win10
Malware Config
Targets
-
-
Target
New Order & Product Specifications.exe
-
Size
515KB
-
MD5
18a279d1c9a0dce2b813171d199c56d7
-
SHA1
b4357015e6f444389310f5afa0d2f9eb2fcc73e5
-
SHA256
263cc7d71099d7f9461b9fbd7fef381bab1b78bf0ecf30b51c27251f56f247f7
-
SHA512
fdcb4ee084edd6013b0eb484b9c8fe5e6c273002f00f6273e2717f7cb2f6bdd729e935e2d21efa29a29034498512503ac4988eaea8ec4970812a6997bc52daca
-
Adds Run entry to policy start application
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-