General
Target: crypt1.exe
Size: 773KB
Sample: 200708-gf99lnk8vx
MD5: 10bd8c618d9c9336eaee4cbcd815f398
SHA1: 4e01cc508c1487539f26053394f158a76b1d1402
SHA256: 6934eb93d7b5e16de0687da48a001b95c84f2b741e3e8775c8e32dcb70cf5b13
SHA512: 26f21c5fa2975f30cc59cbb66b5ff0c936089fb7d29c331514b82e8e6dd19c010e14c81b12ce4ffd0223b6df3b9a9ae17113f1a2853d9aa60766b5839a6be489
Static task: static1
Behavioral task: behavioral1
  Sample: crypt1.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: crypt1.exe
  Resource: win10v200430
Malware Config
Targets
Target: crypt1.exe
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run entry to start application
- Suspicious use of SetThreadContext