General
-
Target
Commercial InvoiceContract#08BR19-20.exe
-
Size
346KB
-
Sample
200713-253apsevaj
-
MD5
1015b6ac7933ac770c115db33f6a5b5b
-
SHA1
0e7f032f39d5e50e0303cf51b65d593275e0a6a0
-
SHA256
6188651c5b4b883766439245dbe8b6b5575f8dc4f861eec3a3238d0ee7093f48
-
SHA512
041602df2a0e2f2b9dac4d34e4674403be2594aa4400051cdc2c0445912270b4d2fe1fbc4df8c12c3876b13acf6a03fba35a905ec9bc74c755766aa2a87b0f84
Static task
static1
Behavioral task
behavioral1
Sample
Commercial InvoiceContract#08BR19-20.exe
Resource
win7
Behavioral task
behavioral2
Sample
Commercial InvoiceContract#08BR19-20.exe
Resource
win10
Malware Config
Targets
-
-
Target
Commercial InvoiceContract#08BR19-20.exe
-
Size
346KB
-
MD5
1015b6ac7933ac770c115db33f6a5b5b
-
SHA1
0e7f032f39d5e50e0303cf51b65d593275e0a6a0
-
SHA256
6188651c5b4b883766439245dbe8b6b5575f8dc4f861eec3a3238d0ee7093f48
-
SHA512
041602df2a0e2f2b9dac4d34e4674403be2594aa4400051cdc2c0445912270b4d2fe1fbc4df8c12c3876b13acf6a03fba35a905ec9bc74c755766aa2a87b0f84
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-