General
Target: payment_advice.exe
Size: 233KB
Sample: 201109-x3nkzbzmjj
MD5: d7d8354b7ff33a62a6e4760a8fb98209
SHA1: ebf0096d1d202764e4c810a8f65803f226ef21ea
SHA256: 841e400462718d0c71b30ac5c90768c409485806146ee50bfc2f866913ffcf49
SHA512: 84fb533f66ba86ed8e4724c50ca1f06806c742d1a7d7cead8f264b303b44c463028eff63efe8e6d44ba03bcd3ad1e4e8e52c4197bbb9cd16d7314769898e0d09
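Before working from a report like this one, confirm that the file on disk is the same sample the report describes. The script below is an added example, not part of the sandbox report: the digests are copied from the General section above, while the file path, chunk size and function names are assumptions made here.

```python
"""Check a local copy of the sample against the digests in the report above.

Added example, not part of the sandbox report: the digests are copied from
the General section, everything else (file path, chunk size) is assumed.
"""
import hashlib
import sys
from typing import Dict, Iterable, Tuple

# Digests exactly as listed under General for payment_advice.exe.
REPORTED: Dict[str, str] = {
    "md5": "d7d8354b7ff33a62a6e4760a8fb98209",
    "sha1": "ebf0096d1d202764e4c810a8f65803f226ef21ea",
    "sha256": "841e400462718d0c71b30ac5c90768c409485806146ee50bfc2f866913ffcf49",
    "sha512": "84fb533f66ba86ed8e4724c50ca1f06806c742d1a7d7cead8f264b303b44c463028eff63efe8e6d44ba03bcd3ad1e4e8e52c4197bbb9cd16d7314769898e0d09",
}


def _digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers in a single pass over the data."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Digests of an in-memory blob (handy for tests and small artifacts)."""
    return _digest_chunks([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream the file so a sample does not need to fit in memory."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def mismatches(actual: Dict[str, str],
               expected: Dict[str, str] = REPORTED) -> Dict[str, Tuple[str, str]]:
    """Map each algorithm whose digest differs to (expected, actual).

    Comparison is case-insensitive because reports and tools disagree on
    hex case; a missing digest counts as a mismatch with actual == ''.
    """
    return {
        name: (exp, actual.get(name, ""))
        for name, exp in expected.items()
        if actual.get(name, "").lower() != exp.lower()
    }


if __name__ == "__main__":
    # Usage: python verify_sample.py /path/to/payment_advice.exe
    bad = mismatches(digest_file(sys.argv[1]))
    for name, (exp, got) in bad.items():
        print(f"{name}: expected {exp}, got {got}")
    if bad:
        sys.exit(1)
    print("all digests match the report")
```

Any single mismatch means you are holding a different file (a repacked variant, a truncated download, or the wrong attachment), and the behavioral findings below should not be assumed to apply to it.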
Static task: static1
Behavioral task: behavioral1
Sample: payment_advice.exe
Resource: win7v20201028
Malware Config
Targets
Target: payment_advice.exe
Size: 233KB
MD5: d7d8354b7ff33a62a6e4760a8fb98209
SHA1: ebf0096d1d202764e4c810a8f65803f226ef21ea
SHA256: 841e400462718d0c71b30ac5c90768c409485806146ee50bfc2f866913ffcf49
SHA512: 84fb533f66ba86ed8e4724c50ca1f06806c742d1a7d7cead8f264b303b44c463028eff63efe8e6d44ba03bcd3ad1e4e8e52c4197bbb9cd16d7314769898e0d09
- Deletes itself
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Suspicious use of SetThreadContext: SetThreadContext rewrites a thread's register state, including its instruction pointer, which is the thread-redirect step shared by process hollowing and thread hijacking. The report flags the call itself, not a specific technique.
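The five signatures above are each a pattern over the sample's API calls. The code below is an added example, not the sandbox's own detection logic: it re-derives each signature from a simplified API-call trace whose format (a list of {"api": ..., "args": {...}} records) is an assumption made here, and the sample trace is constructed to exercise every check. The FileZilla file names, browser credential-store names and the Uninstall registry key are the real on-disk locations; the self-deletion and SetThreadContext heuristics are one reasonable reading of the report's wording, not a statement of what this sample does.

```python
"""Re-derive the report's behavioral signatures from an API-call trace.

Added example; not the sandbox's own detection code. The trace format and
the SELF_PATH value are assumptions; SAMPLE_TRACE is constructed.
"""
from typing import Any, Dict, Iterable, List

Record = Dict[str, Any]

# FileZilla keeps saved sites and recent servers in these files under %APPDATA%.
FTP_CLIENT_FILES = (r"\filezilla\sitemanager.xml", r"\filezilla\recentservers.xml")
# Credential and cookie stores of Chromium-based browsers and Firefox.
BROWSER_DATA_FILES = (r"\login data", r"\cookies", r"\web data", r"\logins.json")
# Present under both HKLM and HKCU; the hive prefix is ignored below.
UNINSTALL_KEY = r"\software\microsoft\windows\currentversion\uninstall"
CREATE_SUSPENDED = 0x00000004  # CreateProcess dwCreationFlags bit


def _path(rec: Record) -> str:
    """Lower-cased path or registry-key argument of a record ('' when absent)."""
    return str(rec["args"].get("path") or rec["args"].get("key") or "").lower()


def reads_ftp_client_data(trace: Iterable[Record]) -> bool:
    return any(rec["api"].startswith("CreateFile") and _path(rec).endswith(FTP_CLIENT_FILES)
               for rec in trace)


def reads_browser_profile_data(trace: Iterable[Record]) -> bool:
    return any(rec["api"].startswith("CreateFile") and _path(rec).endswith(BROWSER_DATA_FILES)
               for rec in trace)


def enumerates_installed_software(trace: Iterable[Record]) -> bool:
    """Opening or enumerating the Uninstall key is how installed software is listed."""
    return any(rec["api"].startswith(("RegOpenKey", "RegEnumKey")) and UNINSTALL_KEY in _path(rec)
               for rec in trace)


def suspicious_set_thread_context(trace: List[Record]) -> bool:
    """Flag SetThreadContext on the primary thread of a process the sample
    created suspended: the redirect step shared by process hollowing and
    thread hijacking. SetThreadContext on an unrelated thread is not flagged
    by this heuristic, which is narrower than the report's generic signature."""
    suspended_tids = set()
    for rec in trace:
        args = rec["args"]
        if rec["api"].startswith("CreateProcess") and int(args.get("flags", 0)) & CREATE_SUSPENDED:
            suspended_tids.add(args.get("tid"))
        elif rec["api"] == "SetThreadContext" and args.get("tid") in suspended_tids:
            return True
    return False


def deletes_itself(trace: Iterable[Record], self_path: str) -> bool:
    """DeleteFile on a mapped image usually fails, so self-deletion is commonly
    delegated to a spawned 'cmd /c ... del <self>' or deferred via MoveFileEx;
    match any of the three against the sample's own path."""
    me = self_path.lower()
    for rec in trace:
        api = rec["api"]
        if api.startswith(("DeleteFile", "MoveFileEx")) and _path(rec) == me:
            return True
        if api.startswith("CreateProcess"):
            cmdline = str(rec["args"].get("cmdline", "")).lower()
            if "del " in cmdline and me in cmdline:
                return True
    return False


def run_signatures(trace: List[Record], self_path: str) -> Dict[str, bool]:
    """Evaluate every signature named in the report over one trace."""
    return {
        "Deletes itself": deletes_itself(trace, self_path),
        "Reads data files stored by FTP clients": reads_ftp_client_data(trace),
        "Reads user/profile data of web browsers": reads_browser_profile_data(trace),
        "Checks installed software on the system": enumerates_installed_software(trace),
        "Suspicious use of SetThreadContext": suspicious_set_thread_context(trace),
    }


# Constructed trace (not from the sandbox) that triggers all five signatures.
SELF_PATH = r"C:\Users\user\Desktop\payment_advice.exe"
SAMPLE_TRACE: List[Record] = [
    {"api": "RegOpenKeyExW", "args": {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"}},
    {"api": "CreateFileW", "args": {"path": r"C:\Users\user\AppData\Roaming\FileZilla\sitemanager.xml"}},
    {"api": "CreateFileW", "args": {"path": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"}},
    {"api": "CreateProcessW", "args": {"image": r"C:\Windows\System32\svchost.exe", "flags": CREATE_SUSPENDED, "pid": 1234, "tid": 5678}},
    {"api": "WriteProcessMemory", "args": {"pid": 1234}},
    {"api": "SetThreadContext", "args": {"tid": 5678}},
    {"api": "ResumeThread", "args": {"tid": 5678}},
    {"api": "CreateProcessW", "args": {"image": r"C:\Windows\System32\cmd.exe",
                                       "cmdline": 'cmd.exe /c ping 127.0.0.1 -n 3 & del "' + SELF_PATH + '"',
                                       "flags": 0x08000000}},
]

if __name__ == "__main__":
    for name, hit in run_signatures(SAMPLE_TRACE, SELF_PATH).items():
        print(f"[{'x' if hit else ' '}] {name}")
```

The SetThreadContext check deliberately requires the thread to belong to a process the sample itself started suspended; a report that only says "suspicious use" may have fired on a looser condition, so treat the page's signature as a prompt to look at the trace, not as confirmation of hollowing.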