General
-
Target
PO.exe
-
Size
618KB
-
Sample
200731-bwpn7vbkqn
-
MD5
829316dec0bd0d3ae1a0d7dba9aa96fe
-
SHA1
435cbff7d1b6d0ad1a5992be3b658fa4c575bffd
-
SHA256
e3d23bafecccf8c1282d7c7f561490061216edabbbdafde8dca65608ba28a8fc
-
SHA512
29bf334d390eeda492797c7abab574cca03bb0dad9ee88cfbcc9f843ef16b3067d2fdf179d99d161a464c3805bc2b6b5c20f10ce503dfc779aa52c1b5f220754
Static task
static1
Behavioral task
behavioral1
Sample
PO.exe
Resource
win7v200722
Malware Config
Extracted
Protocol: smtp- Host:
mail.greatgoldenqlory.com - Port:
587 - Username:
logistics@greatgoldenqlory.com - Password:
chibuike12345@@@@@
Targets
-
-
Target
PO.exe
-
Size
618KB
-
MD5
829316dec0bd0d3ae1a0d7dba9aa96fe
-
SHA1
435cbff7d1b6d0ad1a5992be3b658fa4c575bffd
-
SHA256
e3d23bafecccf8c1282d7c7f561490061216edabbbdafde8dca65608ba28a8fc
-
SHA512
29bf334d390eeda492797c7abab574cca03bb0dad9ee88cfbcc9f843ef16b3067d2fdf179d99d161a464c3805bc2b6b5c20f10ce503dfc779aa52c1b5f220754
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-