General

  • Target

    RFQ-Felype Castro from Brazil.exe

  • Size

    505KB

  • Sample

    200710-1jrmz4d1sx

  • MD5

    63aa1a0f5b295d759ec4b2a0823bdb8d

  • SHA1

    f29ead5094b0354aad5e70f52e1a800cc5c8fb31

  • SHA256

    91f4fdc2687907e6f6ff98c2302371175ba51abe8776c7f33e61a33e08b097a3

  • SHA512

    2ea2c570d707f6699a806b4cf8283503192b899d2ef8f065cf532b56b3d3753c3a7c201b00987b94bda68fd2525e8cbfbadf10bf81b72798ad5ae97cb9fc68be

Malware Config

Targets

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run entry to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks