General
-
Target
77baa7ef710930a6b61e5a0624e60d7c4e68412be5d00e32d2c7ca345ae834c3
-
Size
886KB
-
Sample
201109-nv21zarc6a
-
MD5
cd713c97872e4bef725c9ef8cda588a4
-
SHA1
e834055c3958f586870b8c6a5ded5bdc8fc9210f
-
SHA256
77baa7ef710930a6b61e5a0624e60d7c4e68412be5d00e32d2c7ca345ae834c3
-
SHA512
da579e72a0b21bbdb6a72cd8427654baafff0a10d2a519fedeae37d15826dab858ce1a076ebbe6c89414a54d2d9fe51db095a246e6577c7da74af643ea0394d8
Static task
static1
Behavioral task
behavioral1
Sample
77baa7ef710930a6b61e5a0624e60d7c4e68412be5d00e32d2c7ca345ae834c3.exe
Resource
win7v20201028
Malware Config
Targets
-
Target
77baa7ef710930a6b61e5a0624e60d7c4e68412be5d00e32d2c7ca345ae834c3
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-