General
-
Target
SHIPMENT.exe
-
Size
397KB
-
Sample
200709-9swjzqvsj6
-
MD5
df32f99868ae7a3d6ae8322795f309f1
-
SHA1
6fab769a3c4ffb45f5c1cb2112f398af7f9b8efe
-
SHA256
36dc75aba4921481245ab67c3ad19489576b7e7ee3e7c348c62c53c088f7be3f
-
SHA512
1a6664bc1250fa0cda07b6db94de2c665caa574b8bb73c0dfd6299ff7fbdaa0a0138d80c77d33138655972e9bcdf2928984b5fb9a250f84a52553681b631a292
Malware Config
Targets
-
-
Target
SHIPMENT.exe
-
Size
397KB
-
MD5
df32f99868ae7a3d6ae8322795f309f1
-
SHA1
6fab769a3c4ffb45f5c1cb2112f398af7f9b8efe
-
SHA256
36dc75aba4921481245ab67c3ad19489576b7e7ee3e7c348c62c53c088f7be3f
-
SHA512
1a6664bc1250fa0cda07b6db94de2c665caa574b8bb73c0dfd6299ff7fbdaa0a0138d80c77d33138655972e9bcdf2928984b5fb9a250f84a52553681b631a292
Score8/10-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run entry to start application
-
Suspicious use of SetThreadContext
-