General
-
Target
PO ORDER.exe
-
Size
683KB
-
Sample
200709-mfwxerf71x
-
MD5
7ae31295f30f130914053f4c832c6fd7
-
SHA1
c1e1657b8e4768b9c9886756b36715451adc67f9
-
SHA256
b5cc6999416a62827fc86dc9b6a3f5b0ee3546986af845722ec0d019c8c30f6b
-
SHA512
a6db66345fe5cd1153ead6177a36c6a5e043f9dc4cc559922a573b92228ed289a2bfe58494f1823cb0b2e2ae9ab17d31335db2a67a7c32125c00c20b1adadb71
Malware Config
Targets
-
-
Target
PO ORDER.exe
-
Size
683KB
-
MD5
7ae31295f30f130914053f4c832c6fd7
-
SHA1
c1e1657b8e4768b9c9886756b36715451adc67f9
-
SHA256
b5cc6999416a62827fc86dc9b6a3f5b0ee3546986af845722ec0d019c8c30f6b
-
SHA512
a6db66345fe5cd1153ead6177a36c6a5e043f9dc4cc559922a573b92228ed289a2bfe58494f1823cb0b2e2ae9ab17d31335db2a67a7c32125c00c20b1adadb71
Score8/10-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-