General
-
Target
Payment details.exe
-
Size
546KB
-
Sample
200709-dqfxtzsdka
-
MD5
d580a1f4241f75ac8bf99ac6ca501977
-
SHA1
11a2d6e337c2a5830a918d206d475400d606c5b3
-
SHA256
b4d3bccc58e0a1222261fc91cf6c0b56db9116302c9aaf9d4ddf9273706d571f
-
SHA512
19ef34c65bacb0d0b38bd45126d989f2fbd510d91f844ab844e92d87b5380f749d5d89f6fc7ec16bbfcca97f40bf7d10d24d86186a402bb442f10fbb7c773ab5
Static task
static1
Behavioral task
behavioral1
Sample
Payment details.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
Payment details.exe
Resource
win10
Malware Config
Targets
-
-
Target
Payment details.exe
-
Size
546KB
-
MD5
d580a1f4241f75ac8bf99ac6ca501977
-
SHA1
11a2d6e337c2a5830a918d206d475400d606c5b3
-
SHA256
b4d3bccc58e0a1222261fc91cf6c0b56db9116302c9aaf9d4ddf9273706d571f
-
SHA512
19ef34c65bacb0d0b38bd45126d989f2fbd510d91f844ab844e92d87b5380f749d5d89f6fc7ec16bbfcca97f40bf7d10d24d86186a402bb442f10fbb7c773ab5
Score7/10-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run entry to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of SetThreadContext
-