General
Target: fdppo.exe
Size: 101KB
Sample: 200713-2tkm5wsena
MD5: 082348ffb2977a0762e3e5d6f4a47ff4
SHA1: a63f12bba792fd01307373a7565b96549eb9f3c8
SHA256: 8f9fcdd00e43b8845139ba38f9d4f164e526736578eab199e7f7af5d8179f01c
SHA512: ac00b157a3ae8af9502658c2fa72d80eb871f4ca9ee6b36393c526fbe0d35383855633bc871623c3088f3cdbd75a537b52ef24d8d1995353896637c3a27cf91c
Static task: static1
Behavioral task: behavioral1
  Sample: fdppo.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: fdppo.exe
  Resource: win10
Malware Config

Targets
Target: fdppo.exe
Size: 101KB
MD5: 082348ffb2977a0762e3e5d6f4a47ff4
SHA1: a63f12bba792fd01307373a7565b96549eb9f3c8
SHA256: 8f9fcdd00e43b8845139ba38f9d4f164e526736578eab199e7f7af5d8179f01c
SHA512: ac00b157a3ae8af9502658c2fa72d80eb871f4ca9ee6b36393c526fbe0d35383855633bc871623c3088f3cdbd75a537b52ef24d8d1995353896637c3a27cf91c
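Before relying on this report for a file you hold, confirm the file is the same bytes the sandbox ran. The script below is an added example (not part of the sandbox output): it computes all four digests in one pass and compares them against the values listed above. The hashes in REPORTED are copied from the report; the function names and the bytes used in the self-check are assumptions made for illustration, and the demo bytes are not the sample.

```python
"""Check a local file against the hashes this report lists for fdppo.exe.

Added example for this report, not sandbox output. REPORTED is copied from
the report; everything else (function names, demo input) is illustrative.
Hashing only reads the file bytes; it never executes the sample.
"""
import hashlib
from typing import Dict, Iterable, List

# Hashes exactly as listed in the report for fdppo.exe (101KB).
REPORTED: Dict[str, str] = {
    "md5": "082348ffb2977a0762e3e5d6f4a47ff4",
    "sha1": "a63f12bba792fd01307373a7565b96549eb9f3c8",
    "sha256": "8f9fcdd00e43b8845139ba38f9d4f164e526736578eab199e7f7af5d8179f01c",
    "sha512": (
        "ac00b157a3ae8af9502658c2fa72d80eb871f4ca9ee6b36393c526fbe0d35383"
        "855633bc871623c3088f3cdbd75a537b52ef24d8d1995353896637c3a27cf91c"
    ),
}


def hash_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute every algorithm in REPORTED in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file on disk without loading it whole into memory."""
    with open(path, "rb") as fh:
        return hash_chunks(iter(lambda: fh.read(chunk_size), b""))


def compare(computed: Dict[str, str], reported: Dict[str, str] = REPORTED) -> Dict[str, bool]:
    """Per-algorithm match results; hex digests are compared case-insensitively."""
    return {
        name: computed.get(name, "").lower() == value.lower()
        for name, value in reported.items()
    }


def matches_report(computed: Dict[str, str], reported: Dict[str, str] = REPORTED) -> bool:
    """True only when every reported digest matches (an empty report matches nothing)."""
    results = compare(computed, reported)
    return bool(results) and all(results.values())


def partial_matches(computed: Dict[str, str], reported: Dict[str, str] = REPORTED) -> List[str]:
    """Algorithms that matched. A match on MD5 alone is not identity: MD5
    collisions are practical, so require the SHA-256/SHA-512 to agree too."""
    return sorted(name for name, ok in compare(computed, reported).items() if ok)


if __name__ == "__main__":
    import sys

    digests = hash_file(sys.argv[1])
    for name, ok in compare(digests).items():
        print(f"{name:7} {digests[name]}  {'MATCH' if ok else 'differs'}")
    print("verdict:", "matches report" if matches_report(digests) else "not the reported sample")
```

Run it as `python check_hashes.py path/to/file` on an analysis host; a file that matches on MD5 but not on SHA-256 should be treated as a different object, not a variant of the reported one.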
Signatures
- Adds policy Run entry to start application
  Persistence: a value written under the Policies\Explorer\Run key, which Explorer launches at logon in the same way as the ordinary Run key but which is far less often inspected. Confirm by diffing that key (HKLM and the user hive) before and after the run.
- Blacklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens. Reads of browser profile directories by a freshly dropped binary should be treated as credential theft until proven otherwise.
- Suspicious use of SetThreadContext
  Setting the context of a thread in another process is the execution-redirect step used by process hollowing and similar injection techniques. On its own it is an indicator to investigate (which target process and thread, and what was written into it beforehand), not proof of injection.
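The policy Run signature above is the one a responder can most cheaply confirm from host telemetry. The following is an added example, not part of the report or of any sandbox: it runs an autostart-write check over Sysmon-style registry events (EventID 13, value set) and ranks hits by key. Assumptions: the signature refers to a value under ...\CurrentVersion\Policies\Explorer\Run (the usual meaning of that sandbox signature); the event lines in SAMPLE_EVENTS are constructed for this demo, and the value name and dropped path in them are invented, not taken from the sample's run.

```python
"""Flag autostart registry writes in Sysmon-style registry events.

Added example for this report, not sandbox output. Assumes the "policy Run"
signature means a value under Policies\Explorer\Run. SAMPLE_EVENTS are
constructed; the value name and dropped path in them are invented.
"""
from typing import Dict, List, Optional

# Autostart locations worth alerting on. Explorer processes the Policies Run
# key at logon just like the ordinary Run key, so a write there is persistence.
AUTOSTART_KEYS = {
    "policy_run": "\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\",
    "run": "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\",
    "runonce": "\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\",
}

# Constructed events in a flat "key=value|key=value" form (not real telemetry).
SAMPLE_EVENTS = [
    # Key creation (EventID 12) is noise until a value is actually set.
    "EventID=12|Image=C:\\Windows\\explorer.exe"
    "|TargetObject=HKU\\S-1-5-21-1-1-1-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
    # Benign value write elsewhere in the registry.
    "EventID=13|Image=C:\\Windows\\System32\\svchost.exe"
    "|TargetObject=HKLM\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Hostname|Details=host01",
    # The shape behind the report's policy Run signature (value name and path invented).
    "EventID=13|Image=C:\\Users\\user\\AppData\\Local\\Temp\\fdppo.exe"
    "|TargetObject=HKU\\S-1-5-21-1-1-1-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run\\update"
    "|Details=C:\\Users\\user\\AppData\\Roaming\\update.exe",
    # A value under the ordinary Run key written by an unrelated installer.
    "EventID=13|Image=C:\\Program Files\\Vendor\\agent.exe"
    "|TargetObject=HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorAgent"
    "|Details=\"C:\\Program Files\\Vendor\\agent.exe\" /tray",
]


def parse_event(line: str) -> Dict[str, str]:
    """Split 'k=v|k=v' into a dict; only the first '=' in each field separates key from value."""
    fields: Dict[str, str] = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def classify(target: str) -> Optional[str]:
    """Return the autostart label for a registry path, or None if it is not one."""
    lowered = target.lower()
    for label, key in AUTOSTART_KEYS.items():
        if key.lower() in lowered:
            return label
    return None


def find_autostart_writes(lines: List[str]) -> List[Dict[str, str]]:
    """Return one hit per value-set event that lands in an autostart key."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("EventID") != "13":  # only a value write proves persistence
            continue
        label = classify(ev.get("TargetObject", ""))
        if label is None:
            continue
        hits.append({
            "label": label,
            # The policy key is rarely used legitimately, so rank it higher.
            "severity": "high" if label == "policy_run" else "medium",
            "image": ev.get("Image", ""),
            "target": ev["TargetObject"],
            "details": ev.get("Details", ""),
        })
    return hits


if __name__ == "__main__":
    for hit in find_autostart_writes(SAMPLE_EVENTS):
        print(f"[{hit['severity']}] {hit['label']}: {hit['image']} -> {hit['target']} = {hit['details']}")
```

Feed it the registry events from the affected host (or the sandbox's own registry trace) and the writer's image path plus the Details value give you the persistence binary to collect next.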