General
Target: beea702d4ce37c80af34496640fc3d065db9519a8957731fb252a3ce87814c45
Size: 1.1MB
Sample: 201109-kr2hbeacz6
MD5: 54c892cb367e7f6bc1bd8acfe281ea18
SHA1: 10ea3f802c5fbf4ecadb9270be8779b5acb283b1
SHA256: beea702d4ce37c80af34496640fc3d065db9519a8957731fb252a3ce87814c45
SHA512: 2bacad4e3b12fe5feae0ed01227b50ba36ffaa4a37a083bc2a96a632b6547a0f54f41d2a085e204999746f88abe25030453d57d7ac90d0e8d6f057981ed50090
Static task: static1
Behavioral task: behavioral1
Sample: beea702d4ce37c80af34496640fc3d065db9519a8957731fb252a3ce87814c45.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: smtp.casalsmd.com
Port: 587
Username: carolina@casalsmd.com
Password: Carolina123
Targets
Target: beea702d4ce37c80af34496640fc3d065db9519a8957731fb252a3ce87814c45
Size: 1.1MB
MD5: 54c892cb367e7f6bc1bd8acfe281ea18
SHA1: 10ea3f802c5fbf4ecadb9270be8779b5acb283b1
SHA256: beea702d4ce37c80af34496640fc3d065db9519a8957731fb252a3ce87814c45
SHA512: 2bacad4e3b12fe5feae0ed01227b50ba36ffaa4a37a083bc2a96a632b6547a0f54f41d2a085e204999746f88abe25030453d57d7ac90d0e8d6f057981ed50090
Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.
Uses the VBS compiler for execution
Adds Run key to start application
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext