General
- Target: Remittance advice.exe
- Size: 832KB
- Sample: 200710-dm5x3ccpnn
- MD5: 6b72bf98756a106ce4ffb0d7ef1be954
- SHA1: 2153b926fbb23eac4af1235f3dc3ff867cbaf174
- SHA256: ab12a111885480b3518449ff615d118b0ba908e4f3f0179c8da797c7c815cbfe
- SHA512: 34e79cbde4f94b779af05677e04e8276bb303d2270c545e43a7ab31a54ab5fa4bafb875fa51c9e24d2de714b4e156bdf062df502d3d86ed2c6e61a0efe7d5e13
Static task
- static1
Behavioral task
- behavioral1
  Sample: Remittance advice.exe
  Resource: win7v200430
Behavioral task
- behavioral2
  Sample: Remittance advice.exe
  Resource: win10
Malware Config
Targets
- Target: Remittance advice.exe
- Size: 832KB
- MD5: 6b72bf98756a106ce4ffb0d7ef1be954
- SHA1: 2153b926fbb23eac4af1235f3dc3ff867cbaf174
- SHA256: ab12a111885480b3518449ff615d118b0ba908e4f3f0179c8da797c7c815cbfe
- SHA512: 34e79cbde4f94b779af05677e04e8276bb303d2270c545e43a7ab31a54ab5fa4bafb875fa51c9e24d2de714b4e156bdf062df502d3d86ed2c6e61a0efe7d5e13
Signatures
- Adds Run entry to policy start application
- Deletes itself
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run entry to start application
- Suspicious use of SetThreadContext