General
-
Target
New order.exe
-
Size
639KB
-
Sample
201109-cyf1ke1mnx
-
MD5
8652ae4ebceeda4f66f430255abc91e3
-
SHA1
16ca224eb2cfe507f40a9db03eb5bdb7befc373f
-
SHA256
cbeefe51466bc72c1d6ac6d8a24c4da9a9c8f66d2e388a057bb6ce5c197c152d
-
SHA512
7e207dacc4b3e1473af11aa9ebb43c9f25913347716b3c1857a50af8fe75ded6913fe29d2c19c1232c9cc8c899c90029f6a7348e974be2e534350a8bc10ac138
Static task
static1
Behavioral task
behavioral1
Sample
New order.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
New order.exe
Resource
win10v20201028
Malware Config
Targets
-
-
Target
New order.exe
-
Size
639KB
-
MD5
8652ae4ebceeda4f66f430255abc91e3
-
SHA1
16ca224eb2cfe507f40a9db03eb5bdb7befc373f
-
SHA256
cbeefe51466bc72c1d6ac6d8a24c4da9a9c8f66d2e388a057bb6ce5c197c152d
-
SHA512
7e207dacc4b3e1473af11aa9ebb43c9f25913347716b3c1857a50af8fe75ded6913fe29d2c19c1232c9cc8c899c90029f6a7348e974be2e534350a8bc10ac138
Score10/10-
404 Keylogger Main Executable
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-