General
Target: Rincian Perbankan dan Transfer Formulir Aplikasi_pdf.exe
Size: 505KB
Sample: 201109-8d4fg4l3tj
MD5: b95219bcaa42d45a467dddb752dde333
SHA1: 9234b6b4b4c2bf0ab2a8737f94e7a989f9083bce
SHA256: b24205394b92b61e4058e30a94528aa34cf37b3d930c3197d91f33f8fd173cf4
SHA512: 607f20b5563e49c770b99eb6003e299b2e00f7e9ab8dfb04bb25a44f47a78b4e202017a3a248eef56fd27b4c6745183f89f561a97c21122be6ad528d034a837c
Static task: static1
Behavioral task: behavioral1
Sample: Rincian Perbankan dan Transfer Formulir Aplikasi_pdf.exe
Resource: win7v20201028
Malware Config
Targets
Target: Rincian Perbankan dan Transfer Formulir Aplikasi_pdf.exe
Size: 505KB
- Deletes itself
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials, etc.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext