General
-
Target
RFQ-Felype Castro from Brazil.exe
-
Size
505KB
-
Sample
200710-1jrmz4d1sx
-
MD5
63aa1a0f5b295d759ec4b2a0823bdb8d
-
SHA1
f29ead5094b0354aad5e70f52e1a800cc5c8fb31
-
SHA256
91f4fdc2687907e6f6ff98c2302371175ba51abe8776c7f33e61a33e08b097a3
-
SHA512
2ea2c570d707f6699a806b4cf8283503192b899d2ef8f065cf532b56b3d3753c3a7c201b00987b94bda68fd2525e8cbfbadf10bf81b72798ad5ae97cb9fc68be
Static task
static1
Behavioral task
behavioral1
Sample
RFQ-Felype Castro from Brazil.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
RFQ-Felype Castro from Brazil.exe
Resource
win10
Malware Config
Targets
-
-
Target
RFQ-Felype Castro from Brazil.exe
-
Size
505KB
-
MD5
63aa1a0f5b295d759ec4b2a0823bdb8d
-
SHA1
f29ead5094b0354aad5e70f52e1a800cc5c8fb31
-
SHA256
91f4fdc2687907e6f6ff98c2302371175ba51abe8776c7f33e61a33e08b097a3
-
SHA512
2ea2c570d707f6699a806b4cf8283503192b899d2ef8f065cf532b56b3d3753c3a7c201b00987b94bda68fd2525e8cbfbadf10bf81b72798ad5ae97cb9fc68be
Score7/10-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run entry to start application
-
Suspicious use of SetThreadContext
-