General
Target
IMAGES-001-QUOTE REQUEST #21800176_354667485903 _09_07_2020PDF.exe
Size
504KB
Sample
200710-rzgkjcfxjj
MD5
c1b13db471da675d9887133f6de51d4d
SHA1
ee4185e2232581c17e45b5598a07a99f49887364
SHA256
8ea404b56d3341cbcc42c2f9b99c6cf8aa457d94b5319e19bee72859be9b1c32
SHA512
40076fb9f71a1c96be4883cc595a7cbee3da9701ad2633d20a31d125a19382ad14b43de18ff17eac96d211e2885137d61ee34065739c6b5967592a91c8050a65
Static task
static1
Behavioral task
behavioral1
Sample
IMAGES-001-QUOTE REQUEST #21800176_354667485903 _09_07_2020PDF.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
IMAGES-001-QUOTE REQUEST #21800176_354667485903 _09_07_2020PDF.exe
Resource
win10
Malware Config
Targets
Target
IMAGES-001-QUOTE REQUEST #21800176_354667485903 _09_07_2020PDF.exe
Score
10/10
Adds Run entry to policy start application
Deletes itself
Reads user/profile data of web browsers (infostealers often target stored browser data, which can include saved credentials etc.)
Suspicious use of SetThreadContext