General
-
Target
BL Draft Copy-shipping Documents3-12-06-20.EXCEL.XLS.xlsx.exe
-
Size
178KB
-
Sample
201109-3lf2b5sc5s
-
MD5
929f66fe134298431a968798660791cf
-
SHA1
1ccd9f3e5aff2d866822bdae064b0ed3c28152d3
-
SHA256
ee53e3af4824143697acbbd4541be230ee574576d2b52b613e459599e2c85371
-
SHA512
ff0b11f4a91133905eaf250777c5e50f100f1f48b704006330e80c536c98d5c6f64bef35bc4329c867dcc8dca815bccddb9c8b01bdd0eaea1a88b96e716a8d10
Static task
static1
Behavioral task
behavioral1
Sample
BL Draft Copy-shipping Documents3-12-06-20.EXCEL.XLS.xlsx.exe
Resource
win7v20201028
Malware Config
Targets
-
Target
BL Draft Copy-shipping Documents3-12-06-20.EXCEL.XLS.xlsx.exe
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext