General
Target: 0d5ff709cd566b8f8a2f26b6038306b664c7431d8bddbd90982b399b04d169e8
Size: 1.1MB
Sample: 201111-9hr55dmahe
MD5: f00ae271782ebffdb9248b0277ed7fdb
SHA1: efbf5ddbfa8565d159f58d330b1aad03727ba8c0
SHA256: 0d5ff709cd566b8f8a2f26b6038306b664c7431d8bddbd90982b399b04d169e8
SHA512: 03b71686beec5bd9ae5a8f0330e2b0c234466de02715b7d2bbefa68576b68f30bae22aedf512a44f8134073ab951a44586f9115bc9bd3ea985d42075d5d204b7
Static task: static1
Behavioral task: behavioral1
Sample: 0d5ff709cd566b8f8a2f26b6038306b664c7431d8bddbd90982b399b04d169e8.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: smtp.casalsmd.com
Port: 587
Username: carolina@casalsmd.com
Password: Carolina123
These are the sample's own exfiltration settings (the SMTP account it uses to send out collected data), not a credential stolen from the victim machine. Treat the host and port as network indicators, and the mailbox as a compromised or attacker-controlled drop account.
Targets
- Target: 0d5ff709cd566b8f8a2f26b6038306b664c7431d8bddbd90982b399b04d169e8
  Size: 1.1MB
  MD5: f00ae271782ebffdb9248b0277ed7fdb
  SHA1: efbf5ddbfa8565d159f58d330b1aad03727ba8c0
  SHA256: 0d5ff709cd566b8f8a2f26b6038306b664c7431d8bddbd90982b399b04d169e8
  SHA512: 03b71686beec5bd9ae5a8f0330e2b0c234466de02715b7d2bbefa68576b68f30bae22aedf512a44f8134073ab951a44586f9115bc9bd3ea985d42075d5d204b7
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.
- Uses the VBS compiler for execution: the sample launches vbc.exe, the .NET Visual Basic compiler. A signed Microsoft binary started by a non-build process is a common host for process hollowing.
- Adds Run key to start application: persistence through a value under ...\Software\Microsoft\Windows\CurrentVersion\Run, so the payload is relaunched at logon.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext: typically seen when a suspended process or thread is redirected to injected code, consistent with the sample hollowing the vbc.exe process above.
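Detection logic for the behaviours listed above and for the extracted SMTP drop, as an added example that is not part of the sandbox report: it runs simple rules over constructed telemetry lines (process, registry and network events in a made-up key="value" format, not sandbox output) and returns which of the report's indicators fire. The exfiltration host and port come from the extracted config; the IP-lookup hostnames, the build-tool parents for which vbc.exe is expected, and the mail-client allowlist are assumptions, since the report names none of them.

```python
"""Added example: rule checks for the behaviours in this report, run over
constructed telemetry. None of the events below are sandbox output."""
import re

# Network indicators from the report's extracted SMTP config.
EXFIL_HOST = "smtp.casalsmd.com"
EXFIL_PORT = 587

# Assumed: common IP-lookup services; the report does not name the one used.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ip-api.com"}
# Assumed: parents for which spawning the .NET compiler is expected.
BUILD_PARENTS = ("msbuild.exe", "devenv.exe", "csc.exe")
# Assumed: processes allowed to talk SMTP; anything else on a mail port is suspect.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}
MAIL_PORTS = {25, 465, 587}

RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
FIELD = re.compile(r'(\w+)="([^"]*)"')

# Constructed telemetry, one event per line: <kind> key="value" key="value" ...
SAMPLE_LOG = [
    'process image="C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe" parent="C:\\Windows\\explorer.exe"',
    'process image="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe" parent="C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe"',
    'registry key="HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" name="sample" data="C:\\Users\\u\\AppData\\Roaming\\sample.exe"',
    'network proc="vbc.exe" dst="checkip.dyndns.org" port="80"',
    'network proc="vbc.exe" dst="smtp.casalsmd.com" port="587"',
    # Benign noise: the compiler started by a build tool, and a real mail client.
    'process image="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe" parent="C:\\Program Files\\MSBuild\\MSBuild.exe"',
    'network proc="outlook.exe" dst="smtp.office365.com" port="587"',
]


def parse(line):
    """Split one telemetry line into (kind, {field: value})."""
    kind, _, rest = line.partition(" ")
    return kind, dict(FIELD.findall(rest))


def check_process(f):
    # vbc.exe launched by anything other than a build tool: likely hollowing host.
    image, parent = f.get("image", "").lower(), f.get("parent", "").lower()
    if image.endswith("\\vbc.exe") and not parent.endswith(BUILD_PARENTS):
        return ("vbc_exec", f"{f['image']} <- {f.get('parent', '?')}")


def check_registry(f):
    # Any value written under a Run/RunOnce key is a persistence attempt.
    if RUN_KEY.search(f.get("key", "")):
        return ("run_key", f"{f['key']}\\{f.get('name', '')}")


def check_network(f):
    dst = f.get("dst", "").lower()
    port = int(f.get("port", "0"))
    proc = f.get("proc", "").lower()
    # Direct hit on the extracted drop host, or SMTP from a non-mail process.
    if dst == EXFIL_HOST or (port in MAIL_PORTS and proc not in MAIL_CLIENTS):
        return ("smtp_exfil", f"{proc} -> {dst}:{port}")
    if dst in IP_LOOKUP_HOSTS:
        return ("ip_lookup", f"{proc} -> {dst}")


CHECKS = {"process": check_process, "registry": check_registry, "network": check_network}


def triage(lines):
    """Return the list of (indicator, detail) hits for the given lines, in order."""
    hits = []
    for line in lines:
        kind, fields = parse(line)
        hit = CHECKS.get(kind, lambda f: None)(fields)
        if hit:
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for name, detail in triage(SAMPLE_LOG):
        print(f"{name:12} {detail}")
```

The SMTP rule fires on the extracted host regardless of port, and on any mail port from a process outside the allowlist, so a renamed drop host is still caught when the stealer runs from an injected vbc.exe; the two benign lines at the end of the sample are there to show that a build-tool parent and a real mail client do not trigger it.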