General
-
Target
POL.exe
-
Size
873KB
-
Sample
201109-ngbfyk2ynj
-
MD5
68a170452e42bcc18b6e91812a08cfc9
-
SHA1
7b710b3d50f45e1f522341713fa24170454d9f48
-
SHA256
fe966a744b83daaecb2b4b01adc7204e42d3f98955e142e78d7a948709185d27
-
SHA512
280a492aa64912b9329902c22ec4535375673860519db8c65fae2c1fc6e49fed3005d3a20ed01d5e5661c71a32be5de610d97711e8649dd3b3ef1937e2b17b99
Static task
static1
Behavioral task
behavioral1
Sample
POL.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
POL.exe
-
Size
873KB
-
MD5
68a170452e42bcc18b6e91812a08cfc9
-
SHA1
7b710b3d50f45e1f522341713fa24170454d9f48
-
SHA256
fe966a744b83daaecb2b4b01adc7204e42d3f98955e142e78d7a948709185d27
-
SHA512
280a492aa64912b9329902c22ec4535375673860519db8c65fae2c1fc6e49fed3005d3a20ed01d5e5661c71a32be5de610d97711e8649dd3b3ef1937e2b17b99
-
Deletes itself
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-