General
Target: Versanddetails.exe
Size: 596KB
Sample: 200731-49f8hh5zee
MD5: 269a05d36d071c206dc87187d6136352
SHA1: 85f8c093f487db02ebbbda53d0893be9bdbc0ace
SHA256: b774ad4c9780bdb6e4fec9dbd688f1ac6d0ee75e9771c64de99e1f5152e0b385
SHA512: 2449cc3e98eb46ffb373552fe1ca7cca4fea9628482e0f3214a2ef19a97240b184eca1191607e6406d810238ef8a0a29030867bec0baf44a7c480d485d661ebc
Static task: static1
Behavioral task: behavioral1
Sample: Versanddetails.exe
Resource: win7
Malware Config

Targets
Target: Versanddetails.exe
Size: 596KB
MD5: 269a05d36d071c206dc87187d6136352
SHA1: 85f8c093f487db02ebbbda53d0893be9bdbc0ace
SHA256: b774ad4c9780bdb6e4fec9dbd688f1ac6d0ee75e9771c64de99e1f5152e0b385
SHA512: 2449cc3e98eb46ffb373552fe1ca7cca4fea9628482e0f3214a2ef19a97240b184eca1191607e6406d810238ef8a0a29030867bec0baf44a7c480d485d661ebc
Signatures
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials, etc.
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext