General
- Target: 96c6d9f30e29d0d8779b4ce4ec9fa070edb26171d48879f8eff4bb7556cbc854
- Size: 2.1MB
- Sample: 201111-v8bdtd6mxx
- MD5: 16dcbff85a4dec40a185e8b99aba36a4
- SHA1: 0550ea379853c4e4c74f406c21ad14c9911f98f2
- SHA256: 96c6d9f30e29d0d8779b4ce4ec9fa070edb26171d48879f8eff4bb7556cbc854
- SHA512: b6041b36e300c9c27a0677847c14cef8a81f3cd576bdbea8aba0f8b755ca6d4a5a767b46e6149af09123e5495066c6b6acd77018c93a0ef9135bcd30c18c4553
Static task: static1
Behavioral task: behavioral1
- Sample: 96c6d9f30e29d0d8779b4ce4ec9fa070edb26171d48879f8eff4bb7556cbc854.exe
- Resource: win7v20201028
Malware Config
Targets
- Target: 96c6d9f30e29d0d8779b4ce4ec9fa070edb26171d48879f8eff4bb7556cbc854
- Size: 2.1MB
- MD5: 16dcbff85a4dec40a185e8b99aba36a4
- SHA1: 0550ea379853c4e4c74f406c21ad14c9911f98f2
- SHA256: 96c6d9f30e29d0d8779b4ce4ec9fa070edb26171d48879f8eff4bb7556cbc854
- SHA512: b6041b36e300c9c27a0677847c14cef8a81f3cd576bdbea8aba0f8b755ca6d4a5a767b46e6149af09123e5495066c6b6acd77018c93a0ef9135bcd30c18c4553
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext