General

Target: RFQ 11052020.exe
Size: 532KB
Sample: 201109-6zvwbtnp6x
MD5: 6862320ab0f3f068504939009f42fa3b
SHA1: 7db62107398b57f19176279a1165196e0091c979
SHA256: 6a5bf81d82a8112290a0eef40ece993c13143ad63feb1b4452528187a98627b0
SHA512: 50f599a1ae49d6610092cd99f69d6d1954f4f3d778ad7db8d502328f2a489dce41ffa6ab697deaf4399625f3ea5ee31cd8b6f0236dba13c7bc8be5166f6815ed
Static task
static1

Behavioral task
behavioral1
Sample: RFQ 11052020.exe
Resource: win7v20201028

Behavioral task
behavioral2
Sample: RFQ 11052020.exe
Resource: win10v20201028
Malware Config
Targets

Target: RFQ 11052020.exe
Size: 532KB
MD5: 6862320ab0f3f068504939009f42fa3b
SHA1: 7db62107398b57f19176279a1165196e0091c979
SHA256: 6a5bf81d82a8112290a0eef40ece993c13143ad63feb1b4452528187a98627b0
SHA512: 50f599a1ae49d6610092cd99f69d6d1954f4f3d778ad7db8d502328f2a489dce41ffa6ab697deaf4399625f3ea5ee31cd8b6f0236dba13c7bc8be5166f6815ed
Score: 10/10

404 Keylogger Main Executable

Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla, which store saved site credentials.

Reads user/profile data of local email clients
Email clients store some user data (including account settings and saved passwords) on disk, where infostealers often target it.

Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext
Rewriting a thread's context with SetThreadContext is a common step in process hollowing (RunPE), where the entry point of a suspended process is redirected to injected code.
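The signatures above are the sandbox's summary of observed behaviour. As an added example (not code from the sandbox, the report, or the sample), the script below re-derives the same five signatures from a handful of constructed sandbox events. The event schema, file paths, hostnames and process IDs are assumptions chosen to illustrate each rule; the only real names in it are the Windows application directories and public IP-echo services it pattern-matches.

```python
"""Re-derive Triage-style behavioural signatures from constructed sandbox events.

Added illustration only. The event records, paths, hostnames and PIDs below are
constructed assumptions in the shape a behavioural sandbox might emit; none of
it is taken from the report above.
"""
import re
from urllib.parse import urlparse

SAMPLE_PID = 2040  # assumed PID of the analysed process

# Constructed events (assumed schema): file reads, HTTP requests, API calls.
EVENTS = [
    {"type": "file_read", "pid": SAMPLE_PID,
     "path": r"C:\Users\Admin\AppData\Roaming\FileZilla\recentservers.xml"},
    {"type": "file_read", "pid": SAMPLE_PID,
     "path": r"C:\Users\Admin\AppData\Roaming\Thunderbird\Profiles\x1.default\logins.json"},
    {"type": "file_read", "pid": SAMPLE_PID,
     "path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_read", "pid": SAMPLE_PID,
     "path": r"C:\Windows\System32\kernel32.dll"},   # benign read, must not match
    {"type": "http_request", "pid": SAMPLE_PID, "url": "http://api.ipify.org/"},
    {"type": "api_call", "pid": SAMPLE_PID, "api": "SetThreadContext", "target_pid": 3104},
    {"type": "api_call", "pid": SAMPLE_PID, "api": "SetThreadContext", "target_pid": SAMPLE_PID},
]

# Assumed path patterns (Windows, case-insensitive) behind the three data-theft signatures.
PATH_RULES = {
    "Reads data files stored by FTP clients": [
        r"\\FileZilla\\(recentservers|sitemanager|filezilla)\.xml$",
        r"\\WinSCP\.ini$",
    ],
    "Reads user/profile data of local email clients": [
        r"\\Thunderbird\\Profiles\\",
        r"\\Microsoft\\Outlook\\",
    ],
    "Reads user/profile data of web browsers": [
        r"\\Google\\Chrome\\User Data\\",
        r"\\Mozilla\\Firefox\\Profiles\\",
        r"\\Microsoft\\Edge\\User Data\\",
    ],
}

# Public IP-echo services (assumed list); contacting any of them triggers the signature.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "checkip.dyndns.org", "icanhazip.com"}


def classify(events, sample_pid):
    """Return {signature name: [events that triggered it]} for the given event stream."""
    hits = {}

    def add(sig, ev):
        hits.setdefault(sig, []).append(ev)

    for ev in events:
        if ev["type"] == "file_read":
            for sig, patterns in PATH_RULES.items():
                if any(re.search(p, ev["path"], re.IGNORECASE) for p in patterns):
                    add(sig, ev)
        elif ev["type"] == "http_request":
            host = (urlparse(ev["url"]).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                add("Looks up external IP address via web service", ev)
        elif ev["type"] == "api_call" and ev["api"] == "SetThreadContext":
            # Rewriting a thread context in another process is the hollowing tell;
            # a process adjusting its own threads is ordinary and is ignored here.
            if ev["target_pid"] != sample_pid:
                add("Suspicious use of SetThreadContext", ev)
    return hits


def credential_store_categories(hits):
    """Count how many distinct credential-store categories (FTP, mail, browser) were read."""
    return sum(1 for sig in PATH_RULES if sig in hits)


if __name__ == "__main__":
    result = classify(EVENTS, SAMPLE_PID)
    for sig, evs in result.items():
        print(f"{sig}: {len(evs)} event(s)")
    print("credential-store categories touched:", credential_store_categories(result))
```

The benign kernel32.dll read and the self-targeted SetThreadContext call are included deliberately: a rule set that fires on every file read or every context change produces noise, so each rule keys on the user-data location or the cross-process target that actually distinguishes theft and injection from normal activity.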