General

Target: 7ea8797ced25612628ad822d98760f4c5fd4dc8bb182f17f752901fd2a576ff1
Size: 1.1MB
Sample: 201109-27yyj2ylex
MD5: b04b4fd9c909b996f55aa399e5ca8f3c
SHA1: ee36d9e3c68b38e4894c059ca0d7b1428e98ad6a
SHA256: 7ea8797ced25612628ad822d98760f4c5fd4dc8bb182f17f752901fd2a576ff1
SHA512: 669501a47bb0c1a47a6e224a723f26f7a06cc035aab95e7e474c82c8b4814144ee3ab2e98284d7b5f5be684c4f143f4ba14b174d9621e675d76a727546d6d7f4
Static task: static1
Behavioral task: behavioral1
Sample: 7ea8797ced25612628ad822d98760f4c5fd4dc8bb182f17f752901fd2a576ff1.exe
Resource: win7v20201028
Malware Config

Extracted
Protocol: smtp
Host: smtp.casalsmd.com
Port: 587
Username: carolina@casalsmd.com
Password: Carolina123
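The extracted configuration is the SMTP account the sample logs in to for sending out what it collects, so the hunting artifacts it yields are the DNS name smtp.casalsmd.com, outbound TCP/587 to whatever that name resolves to, and the base64 forms the username and password take in SMTP AUTH LOGIN and AUTH PLAIN. The script below is an added example by the editor, not part of the sandbox report: it takes the indicators from this report, correlates DNS answers for the exfil host with later connections on port 587, matches the sample's hashes in file records, and matches the AUTH tokens in plaintext SMTP records. The log lines and their key=value layout are constructed for illustration. One caveat the report cannot settle: a client on port 587 normally issues STARTTLS before AUTH, in which case the credential tokens are encrypted on the wire and only the DNS and connection metadata remain observable.

```python
"""Hunt for the indicators this sandbox report extracted from the sample.

Added worked example by the editor, not part of the sandbox report. The
indicator values are copied from the report; the log lines below and
their space-separated key=value format are constructed for illustration.
"""
import base64
import re

# Indicators copied from the report.
SAMPLE_SHA256 = "7ea8797ced25612628ad822d98760f4c5fd4dc8bb182f17f752901fd2a576ff1"
SAMPLE_MD5 = "b04b4fd9c909b996f55aa399e5ca8f3c"
EXFIL_HOST = "smtp.casalsmd.com"
EXFIL_PORT = 587
EXFIL_USER = "carolina@casalsmd.com"
EXFIL_PASS = "Carolina123"

# Constructed sample records (assumed format; addresses are documentation ranges).
SAMPLE_LOGS = [
    "ts=2020-11-09T10:00:50Z type=file host=WS01 path=C:\\Users\\u\\Downloads\\invoice.exe "
    "sha256=7ea8797ced25612628ad822d98760f4c5fd4dc8bb182f17f752901fd2a576ff1",
    "ts=2020-11-09T10:01:02Z type=dns src=10.0.0.5 query=smtp.casalsmd.com answer=203.0.113.10",
    "ts=2020-11-09T10:01:03Z type=conn src=10.0.0.5 dst=203.0.113.10 dport=587 proto=tcp",
    "ts=2020-11-09T10:01:04Z type=conn src=10.0.0.5 dst=198.51.100.7 dport=443 proto=tcp",
    "ts=2020-11-09T10:01:05Z type=smtp src=10.0.0.5 dst=203.0.113.10 cmd=AUTH "
    "payload=Y2Fyb2xpbmFAY2FzYWxzbWQuY29t",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_record(line):
    """Split one log line into a dict of its key=value fields."""
    return dict(KV_RE.findall(line))


def auth_tokens(user, password):
    """Base64 strings the credentials become on the wire for SMTP AUTH LOGIN
    (user and password sent as separate lines) and AUTH PLAIN (a single line
    of NUL user NUL password). Use these to search plaintext captures."""
    def enc(s):
        return base64.b64encode(s.encode()).decode()

    return {
        "login_user": enc(user),
        "login_pass": enc(password),
        "plain": enc(f"\0{user}\0{password}"),
    }


def scan(lines):
    """Return (finding, line) pairs. Two passes: first collect the addresses
    the exfil host resolved to, then judge every record, so a connection
    logged before its DNS answer is still matched."""
    records = [parse_record(line) for line in lines]
    resolved = {
        r["answer"] for r in records
        if r.get("type") == "dns" and r.get("query", "").lower() == EXFIL_HOST
        and "answer" in r
    }
    tokens = set(auth_tokens(EXFIL_USER, EXFIL_PASS).values())
    findings = []
    for r, line in zip(records, lines):
        t = r.get("type")
        if t == "dns" and r.get("query", "").lower() == EXFIL_HOST:
            findings.append(("dns-exfil-host", line))
        elif t == "conn" and r.get("dport") == str(EXFIL_PORT) and r.get("dst") in resolved:
            # Port 587 alone is noisy; require the destination to be an
            # address the exfil host resolved to in the same log set.
            findings.append(("conn-exfil-smtp", line))
        elif t == "file" and (r.get("sha256", "").lower() == SAMPLE_SHA256
                              or r.get("md5", "").lower() == SAMPLE_MD5):
            findings.append(("file-sample-hash", line))
        elif t == "smtp" and r.get("payload") in tokens:
            findings.append(("smtp-auth-exfil-creds", line))
    return findings


if __name__ == "__main__":
    for name, line in scan(SAMPLE_LOGS):
        print(f"{name:24} {line}")
```

The connection rule deliberately refuses to fire on port 587 alone: without the DNS correlation every legitimate submission-port client in the environment would match. Hash matching only finds the exact file from this report; a rebuilt or repacked sample will have different hashes, while the SMTP account tends to be reused across builds, which is why the network indicators carry more weight here.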
Targets

Target: 7ea8797ced25612628ad822d98760f4c5fd4dc8bb182f17f752901fd2a576ff1 (1.1MB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.
- Uses the VBS compiler for execution
  The Visual Basic .NET compiler (vbc.exe) ships with the .NET Framework and is a signed Microsoft binary; a stealer launching it is typically using it as a host for injected code rather than compiling anything.
- Adds Run key to start application
  A value under the CurrentVersion\Run key relaunches the program at logon; this is the sample's persistence mechanism.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
  Calling SetThreadContext on a thread of another process is the step that redirects its execution into injected code in process-hollowing style injection; taken together with the vbc.exe launch, this is the pattern to look for in process-creation and thread telemetry.