General
Target: Payment details.exe
Size: 332KB
Sample: 200713-2glel3hx3x
MD5: 8506c6d3fa727e58e1c3fbea3e948bf4
SHA1: 0e6eec497a34434090c3112aee93fdac2b0b8c77
SHA256: c5049b79f66303da5f8f91e527b7f182a765c54c075f134b1779fc5802ad6b1b
SHA512: 57e373825abcd65de5907ffd1d9f835bebd9e82e59f404553a3f8168f6a9979ce9a52627f6982858b0a2b7a0a288ccf15f1a3fa0b6688073118e826167dc163f
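Before working from this report, confirm that the file in hand is the same sample by recomputing every digest listed above and comparing it to the published values. The following is an added example (not code from the sandbox or the report) that hashes a file once with all four algorithms and reports any digest that disagrees; the file path on the command line is the only input it assumes.

```python
# Added example (not part of the sandbox report): verify a local file against the
# digests published in the report before analysing it. All four digests are
# computed in a single pass over the file, and any mismatch is reported by name.
import hashlib
from typing import Dict, Iterable, Optional, Tuple

# Digests copied from the report's General section.
REPORT_DIGESTS: Dict[str, str] = {
    "md5": "8506c6d3fa727e58e1c3fbea3e948bf4",
    "sha1": "0e6eec497a34434090c3112aee93fdac2b0b8c77",
    "sha256": "c5049b79f66303da5f8f91e527b7f182a765c54c075f134b1779fc5802ad6b1b",
    "sha512": "57e373825abcd65de5907ffd1d9f835bebd9e82e59f404553a3f8168f6a9979c"
              "e9a52627f6982858b0a2b7a0a288ccf15f1a3fa0b6688073118e826167dc163f",
}


def digest_chunks(chunks: Iterable[bytes],
                  algorithms: Tuple[str, ...] = ("md5", "sha1", "sha256", "sha512")) -> Dict[str, str]:
    """Hash a stream of byte chunks with every requested algorithm in one pass."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(actual: Dict[str, str],
                    expected: Dict[str, str]) -> Dict[str, Tuple[str, Optional[str]]]:
    """Return {algorithm: (expected, actual)} for every digest that does not match.

    Comparison is case-insensitive (reports mix upper and lower case hex); an
    algorithm missing from `actual` is reported with actual=None.
    """
    mismatches: Dict[str, Tuple[str, Optional[str]]] = {}
    for name, want in expected.items():
        got = actual.get(name)
        if got is None or got.lower() != want.lower():
            mismatches[name] = (want.lower(), got)
    return mismatches


def verify_file(path: str, expected: Dict[str, str] = REPORT_DIGESTS,
                chunk_size: int = 1 << 20) -> Dict[str, Tuple[str, Optional[str]]]:
    """Hash the file at `path` in chunks and return mismatches against `expected`."""
    def chunks():
        with open(path, "rb") as f:
            while True:
                block = f.read(chunk_size)
                if not block:
                    return
                yield block
    return compare_digests(digest_chunks(chunks(), tuple(expected)), expected)


if __name__ == "__main__":
    import sys
    bad = verify_file(sys.argv[1])
    for name, (want, got) in bad.items():
        print(f"{name}: expected {want}, got {got}")
    if bad:
        sys.exit(1)
    print("all digests match the report")
```

Run it as `python verify.py "Payment details.exe"`; a non-zero exit means at least one digest differs and the report should not be relied on for that file. The SHA512 literal is split across two adjacent string literals purely to keep the line short; Python concatenates them at compile time.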
Static task: static1
Behavioral task: behavioral1 (sample: Payment details.exe, resource: win7)
Behavioral task: behavioral2 (sample: Payment details.exe, resource: win10v200430)
Malware Config

Targets
Target: Payment details.exe (332KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Drops startup file: a file is written into a Startup folder, so it is launched at the next logon (persistence).
- Reads user/profile data of web browsers: browser profile stores are read. Infostealers target them because they hold saved credentials, cookies and autofill data.
- Adds Run entry to start application: a registry Run key entry is added so the application starts at logon (a second persistence mechanism).
- Suspicious use of SetThreadContext: the sample sets the execution context of a thread, an API step used in process hollowing and other code-injection techniques. Check which process the target thread belongs to; same-process use is far less significant than a write into another process.
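The four signatures above translate directly into host-based detection rules. The following is an added example (not code from the sandbox or this report) that runs such rules over a small constructed event log: a Startup folder write, a Run key value set, a read of a browser credential store by a non-browser process, and a cross-process SetThreadContext call. The event shape (`type`, `process`, `pid`, `target`, `api`, `target_pid`), the process names and the sample events are assumptions for illustration. It also generalizes slightly beyond the report: RunOnce is treated like Run, and Firefox stores are matched alongside Chromium ones.

```python
# Added example (not from the sandbox report): detection rules mirroring the four
# behaviour signatures on the report, run over a constructed event log. Event
# fields, process names and the sample events are assumptions for illustration.
import re
from typing import Dict, List, Tuple

Event = Dict[str, object]

# Persistence locations. RunOnce is included as a generalization beyond the report.
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
                     re.IGNORECASE)

# Browser profile stores holding credentials, cookies and autofill data
# (Chromium: Login Data, Web Data, Cookies; Firefox: logins.json, key4.db, cookies.sqlite).
BROWSER_STORES = {"login data", "web data", "cookies", "logins.json", "key4.db", "cookies.sqlite"}
# Browsers legitimately read their own stores; only other processes are suspicious.
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}


def evaluate(events: List[Event]) -> List[Tuple[str, Event]]:
    """Return (signature name, event) for every event matching a rule."""
    hits: List[Tuple[str, Event]] = []
    for ev in events:
        kind = ev.get("type")
        target = str(ev.get("target", ""))
        proc = str(ev.get("process", "")).lower()
        basename = target.rsplit("\\", 1)[-1].lower()
        if kind == "file_create" and STARTUP_DIR.search(target):
            hits.append(("Drops startup file", ev))
        elif kind == "reg_set" and RUN_KEY.search(target):
            hits.append(("Adds Run entry to start application", ev))
        elif kind == "file_read" and basename in BROWSER_STORES and proc not in BROWSERS:
            hits.append(("Reads user/profile data of web browsers", ev))
        elif (kind == "api_call" and ev.get("api") == "SetThreadContext"
              and ev.get("target_pid") != ev.get("pid")):
            # Same-process SetThreadContext (debuggers, exception handling) is not flagged.
            hits.append(("Suspicious use of SetThreadContext", ev))
    return hits


def summarize(hits: List[Tuple[str, Event]]) -> Dict[str, int]:
    """Count hits per signature name."""
    counts: Dict[str, int] = {}
    for name, _ in hits:
        counts[name] = counts.get(name, 0) + 1
    return counts


# Constructed events; file paths, key names and PIDs are invented for this example.
SAMPLE_EVENTS: List[Event] = [
    {"type": "file_create", "process": "Payment details.exe", "pid": 4120,
     "target": r"C:\Users\analyst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"},
    {"type": "reg_set", "process": "Payment details.exe", "pid": 4120,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Update"},
    {"type": "file_read", "process": "Payment details.exe", "pid": 4120,
     "target": r"C:\Users\analyst\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "process": "chrome.exe", "pid": 2200,
     "target": r"C:\Users\analyst\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "api_call", "process": "Payment details.exe", "pid": 4120,
     "api": "SetThreadContext", "target_pid": 4388},
    {"type": "api_call", "process": "Payment details.exe", "pid": 4120,
     "api": "SetThreadContext", "target_pid": 4120},
    {"type": "file_create", "process": "explorer.exe", "pid": 1480,
     "target": r"C:\Users\analyst\Documents\notes.txt"},
    {"type": "reg_set", "process": "explorer.exe", "pid": 1480,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"},
]

if __name__ == "__main__":
    for name, ev in evaluate(SAMPLE_EVENTS):
        print(f"{name}: {ev['process']} (pid {ev['pid']}) -> {ev.get('target', ev.get('target_pid'))}")
```

The SetThreadContext rule assumes an API trace that records both the calling process and the owner of the target thread, which is what a sandbox provides; a Sysmon-only deployment does not log that call, so the other three rules are the ones that carry over to endpoint telemetry unchanged.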