General
-
Target
SecuriteInfo.com.Win32.Heri.19168.24181
-
Size
375KB
-
Sample
200711-fc2jtv4c1s
-
MD5
0d1ea639370dcffab4fd3f149dc60ad9
-
SHA1
54396ffd4be9d6f82946b0e34f8ea4e5e631da95
-
SHA256
9e22f04ea9205b5c5cb910ef9be7709b38b189a3d34384baacff53c754ce95bb
-
SHA512
c4f50d7d847f8921dddf70be55675d90651516b4d16bc261bbda2a55c8baa3c38b5b54e594bc02faf8b577e707baba3ceff291e2768c8498f4a8014757e281b4
Malware Config
Targets
-
-
Target
SecuriteInfo.com.Win32.Heri.19168.24181
-
Size
375KB
-
MD5
0d1ea639370dcffab4fd3f149dc60ad9
-
SHA1
54396ffd4be9d6f82946b0e34f8ea4e5e631da95
-
SHA256
9e22f04ea9205b5c5cb910ef9be7709b38b189a3d34384baacff53c754ce95bb
-
SHA512
c4f50d7d847f8921dddf70be55675d90651516b4d16bc261bbda2a55c8baa3c38b5b54e594bc02faf8b577e707baba3ceff291e2768c8498f4a8014757e281b4
Score8/10-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run entry to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-