General
  Target:  Document2.exe
  Size:    649KB
  Sample:  200709-qy8bm4pbvn
  MD5:     3f4f53f1ab6fcb15e70eb577a45a2c46
  SHA1:    9784cf4ade8b26e4ec31c3b7ae02bd7b7180daeb
  SHA256:  a405c8cf0c233bddd6849726247d1426589e3a709e0a0378be86d93868fac48c
  SHA512:  83b51cfc80910bf1ceff43225ecbf17b1f515387689a86d7154b3c586c123a8d4090f4f38e90d3a47463e2b495fa808a78e246375bd071f7dc013d06f93711d2

Tasks
  Static task:      static1
  Behavioral task:  behavioral1  (Sample: Document2.exe, Resource: win7)
  Behavioral task:  behavioral2  (Sample: Document2.exe, Resource: win10)

Malware Config

Targets
  Target:  Document2.exe
  Size:    649KB
  MD5:     3f4f53f1ab6fcb15e70eb577a45a2c46
  SHA1:    9784cf4ade8b26e4ec31c3b7ae02bd7b7180daeb
  SHA256:  a405c8cf0c233bddd6849726247d1426589e3a709e0a0378be86d93868fac48c
  SHA512:  83b51cfc80910bf1ceff43225ecbf17b1f515387689a86d7154b3c586c123a8d4090f4f38e90d3a47463e2b495fa808a78e246375bd071f7dc013d06f93711d2

  - Adds Run entry to policy start application
  - Deletes itself
  - Reads user/profile data of web browsers
    Infostealers often target stored browser data, which can include saved credentials etc.
  - Adds Run entry to start application
  - Legitimate hosting services abused for malware hosting/C2
  - Suspicious use of SetThreadContext