General
Target: 512.dll
Size: 367KB
Sample: 200715-wrfqa4r2zx
MD5: 56921bed6e4dd3ba4064557d453e403e
SHA1: 9a2ec0abbde02b61d56990882ea6c43d833114b3
SHA256: a1ea6e27f13d729c388d0cf8a22f07407bf52290d0b68f4d4da1637d3a2b8eea
SHA512: d27da6d2386185d1ea76a195bee2d72e1ac229b841f4b60eafe0e4055cbaaaeecd99e1d9f0693eab660fa480baa74a00ad9a0ca43b392a83d285ddea4bf8911c
Static task: static1
Behavioral task: behavioral1
Sample: 512.dll
Resource: win7
Malware Config
Targets
Target: 512.dll

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext