General
Target: Request for Quotation-BV-76435020.exe
Size: 654KB
Sample: 200708-n4ghvphqn2
MD5: a2fe795e8b63eb414f66e09953a56a46
SHA1: ffd4c5641f9253d6004af10110ffcc630be27521
SHA256: b00ebd12d239ba9f75f11b3ad96b127730779e48f3e2fead50c9e5a7b7ca598a
SHA512: 3a99dffb20ab52a9a771b495f9e7f7acbc72d319b265197cc8465211b44eea1fa9c1550581a083f176a97bfecab3f6c6d79033b3cc5a8fcfd75cb6ac27e9e65a
Static task: static1
Behavioral task: behavioral1
Sample: Request for Quotation-BV-76435020.exe
Resource: win7
Behavioral task: behavioral2
Sample: Request for Quotation-BV-76435020.exe
Resource: win10v200430
Malware Config
Targets
Target: Request for Quotation-BV-76435020.exe
Adds Run entry to policy start application
Deletes itself
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run entry to start application
Suspicious use of SetThreadContext