General

- Target: 12.07.rtf
- Size: 653KB
- Sample: 200712-d8wzg6lqgn
- MD5: 333d571e448686dd17da1d47546e4aab
- SHA1: 03ddb8e0550dd9e5e01b8560a199ab344b55d744
- SHA256: 5e7286a6c92ed2e7d83789a1e1e71e0e051fa0fbb47ff3767b787c86e1fec49c
- SHA512: 16f0a5242fc2ab83fc96e0ef1a04cd385753cdf0b0c668495226b43a77135f1ec113e537acf7413a750e0196b7dedec071449a4eaae2222f6f852f57f9431fd3
Static task: static1

Behavioral task: behavioral1 (Sample: 12.07.rtf, Resource: win7)

Behavioral task: behavioral2 (Sample: 12.07.rtf, Resource: win10v200430)
Malware Config

Targets

- Target: 12.07.rtf
- Size: 653KB
- MD5: 333d571e448686dd17da1d47546e4aab
- SHA1: 03ddb8e0550dd9e5e01b8560a199ab344b55d744
- SHA256: 5e7286a6c92ed2e7d83789a1e1e71e0e051fa0fbb47ff3767b787c86e1fec49c
- SHA512: 16f0a5242fc2ab83fc96e0ef1a04cd385753cdf0b0c668495226b43a77135f1ec113e537acf7413a750e0196b7dedec071449a4eaae2222f6f852f57f9431fd3
Score: 8/10

- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens.
- Adds Run entry to start application
- Suspicious use of SetThreadContext
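The six signatures above are behavioural, so the practical check is to re-derive them from a process trace rather than trust the score alone. The block below is an added example, not code or output from the sandbox that produced this report. It walks a small constructed trace (hypothetical event format, fabricated paths, PIDs and a TEST-NET address) in order and raises each of the report's signatures from the events that would justify it. The document-handler blacklist, the Run-key pattern and the browser-artefact pattern are assumptions standing in for the sandbox's own rule set.

```python
"""Re-derive the behavioural signatures in an RTF sandbox report from a trace.

Added example: the event format and every value in EVENTS are constructed
for illustration, not taken from a real sandbox run.
"""
import re

# Browser profile artefacts an infostealer typically reads (Chromium, Firefox).
# Assumed pattern; a real rule set would be broader.
BROWSER_DATA = re.compile(
    r"\\(Login Data|Cookies|Web Data|History|logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)
# Autostart locations behind "Adds Run entry to start application".
RUN_KEY = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# Document handlers that have no business opening sockets themselves; stands in
# for the sandbox's "blacklisted process" list (assumption).
DOC_HANDLERS = {"winword.exe", "excel.exe", "powerpnt.exe", "wordpad.exe"}

# Constructed trace: an RTF opened in Word drops and runs an EXE, which drops a
# DLL, persists via HKCU\...\Run, reads Chrome's Login Data, hollows a process
# with SetThreadContext and phones home; Word itself also connects out.
EVENTS = [
    {"type": "process_create", "pid": 100, "ppid": 1,
     "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"type": "file_write", "pid": 100, "path": r"C:\Users\user\AppData\Local\Temp\upd.exe"},
    {"type": "process_create", "pid": 200, "ppid": 100,
     "image": r"C:\Users\user\AppData\Local\Temp\upd.exe"},
    {"type": "file_write", "pid": 200, "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "image_load", "pid": 200, "path": r"C:\Users\user\AppData\Local\Temp\helper.dll"},
    {"type": "registry_set", "pid": 200,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "data": r"C:\Users\user\AppData\Local\Temp\upd.exe"},
    {"type": "file_read", "pid": 200,
     "path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "api_call", "pid": 200, "api": "SetThreadContext", "target_pid": 300},
    {"type": "network_connect", "pid": 200, "dst": "203.0.113.10:443"},
    {"type": "network_connect", "pid": 100, "dst": "203.0.113.10:443"},
]


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(events):
    """Return {signature name: [evidence strings]} for the signatures hit."""
    findings = {}
    dropped = set()   # paths written during the run, lower-cased
    images = {}       # pid -> image path, so later events can name the process

    def hit(name, evidence):
        findings.setdefault(name, []).append(evidence)

    for ev in events:          # order matters: a file must be dropped before use
        t = ev["type"]
        if t == "file_write":
            dropped.add(ev["path"].lower())
        elif t == "process_create":
            images[ev["pid"]] = ev["image"]
            if ev["image"].lower() in dropped:
                hit("Executes dropped EXE", f"pid {ev['pid']} ran {ev['image']}")
        elif t == "image_load" and ev["path"].lower() in dropped:
            hit("Loads dropped DLL", f"pid {ev['pid']} loaded {ev['path']}")
        elif t == "registry_set" and RUN_KEY.search(ev["key"]):
            hit("Adds Run entry to start application", f"{ev['key']} = {ev['data']}")
        elif t == "file_read" and BROWSER_DATA.search(ev["path"]):
            hit("Reads user/profile data of web browsers", f"pid {ev['pid']} read {ev['path']}")
        elif t == "api_call" and ev.get("api") == "SetThreadContext":
            # Setting another process's thread context is the hollowing/injection case.
            if ev.get("target_pid") not in (None, ev["pid"]):
                hit("Suspicious use of SetThreadContext",
                    f"pid {ev['pid']} set thread context in pid {ev['target_pid']}")
        elif t == "network_connect":
            image = images.get(ev["pid"], "")
            if _basename(image) in DOC_HANDLERS:
                hit("Blacklisted process makes network request", f"{image} -> {ev['dst']}")
    return findings


def triggered(events):
    """Sorted names of the signatures raised, for a quick comparison with a report."""
    return sorted(triage(events))


if __name__ == "__main__":
    for name, evidence in triage(EVENTS).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

The connect from the dropped EXE is deliberately not flagged: the "blacklisted process" rule is about the document handler reaching out, and the EXE is already caught by the dropped-file rules. When comparing against a report like this one, a signature the trace cannot reproduce is the first thing to investigate.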