General
-
Target
dfb2cb14a2f6a3281514226cec06bb2bb99e9ebbeb583a9b6f80ec8b4d6fe15f
-
Size
484KB
-
Sample
201105-c31ghfvls2
-
MD5
b988afbb1df5f268d64a2ef604c92cdf
-
SHA1
b9320b32b14219e2829eaa6a69b046e6d68b39dd
-
SHA256
dfb2cb14a2f6a3281514226cec06bb2bb99e9ebbeb583a9b6f80ec8b4d6fe15f
-
SHA512
ff4d78db6deac88a8094e4921bc4c8bf8a245b97e4e7c2e3c6f9855b900f4f667980e4543ebb53842778405841e2b575d414c05bc893211c1555cc0cd64e51f5
Static task
static1
Behavioral task
behavioral1
Sample
dfb2cb14a2f6a3281514226cec06bb2bb99e9ebbeb583a9b6f80ec8b4d6fe15f.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
dfb2cb14a2f6a3281514226cec06bb2bb99e9ebbeb583a9b6f80ec8b4d6fe15f
-
Size
484KB
-
MD5
b988afbb1df5f268d64a2ef604c92cdf
-
SHA1
b9320b32b14219e2829eaa6a69b046e6d68b39dd
-
SHA256
dfb2cb14a2f6a3281514226cec06bb2bb99e9ebbeb583a9b6f80ec8b4d6fe15f
-
SHA512
ff4d78db6deac88a8094e4921bc4c8bf8a245b97e4e7c2e3c6f9855b900f4f667980e4543ebb53842778405841e2b575d414c05bc893211c1555cc0cd64e51f5
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-