General
Target: f7317b7888caeb1f89276675ffc2608d6cb79bc96d582304ce985c0be4c9389f
Size: 1.1MB
Sample: 201109-erpjhchkw6
MD5: b2c07697fa0b7fd99f5bf56e2555ffae
SHA1: 117c3a2df7ddff8334e9e28f331b37750bca075d
SHA256: f7317b7888caeb1f89276675ffc2608d6cb79bc96d582304ce985c0be4c9389f
SHA512: 284aca733ea5498c17fce3524d9ac3e3bc10fcdbf61045ca78c19e49dc4ac7645ff27dbb78c663617376f64453fb390e0553676b8a448db21cf423b3f2564cca
Static task: static1
Behavioral task: behavioral1
Sample: f7317b7888caeb1f89276675ffc2608d6cb79bc96d582304ce985c0be4c9389f.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: smtp.casalsmd.com
Port: 587
Username: carolina@casalsmd.com
Password: Carolina123
Targets
Target: f7317b7888caeb1f89276675ffc2608d6cb79bc96d582304ce985c0be4c9389f
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext