General
Target: 9f176d02e8b82e189b13f8c947e59973efb2115639f7e21187fe7e419d01c9c2
Size: 1.1MB
Sample: 201112-1yynm46xga
MD5: 223188d943b900a8afedb02ff93b5f2a
SHA1: 7637f0303c5f5896a7cf28d3ce5643bf23ee1eaf
SHA256: 9f176d02e8b82e189b13f8c947e59973efb2115639f7e21187fe7e419d01c9c2
SHA512: f84acd2436cf7cb82100341446cf557e1c5953c82318b26088d1f6a4c7398b913f1fd8b0c89af2900627b220f2a2a03cd65294deb4cc69fc77800bd86663f598

Static task: static1
Behavioral task: behavioral1
Sample: 9f176d02e8b82e189b13f8c947e59973efb2115639f7e21187fe7e419d01c9c2.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: smtp.casalsmd.com
Port: 587
Username: carolina@casalsmd.com
Password: Carolina123

The sample carries a hard-coded SMTP submission account (port 587 is the authenticated mail submission port): stolen data is mailed out through this mailbox rather than posted to a C2 server. The host, port and username are the usable network indicators; the credential also identifies the drop mailbox an abuse report to the mail provider should reference.
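The following is an added example, not part of the sandbox report: it parses the extracted SMTP configuration exactly as the report renders it, turns it into network indicators, and sweeps a few constructed connection records for traffic to the exfiltration mailbox. The connection records, their field names and the timestamps are constructed for the example and are not from the report.

```python
"""Added example (not part of the sandbox report): turn the extracted SMTP
configuration into network indicators and sweep constructed connection
records for exfiltration attempts."""
import re
from typing import Dict, List, Tuple

# The config block exactly as the report flattens it ("Key: value - Key: value").
CONFIG_TEXT = """Protocol: smtp- Host:
smtp.casalsmd.com - Port:
587 - Username:
carolina@casalsmd.com - Password:
Carolina123"""

# Constructed telemetry, not from the report: outbound connections as a proxy
# or firewall might log them after resolving destinations to hostnames.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {"ts": "2020-11-12T10:01:02Z", "src": "10.0.0.15", "dst_host": "smtp.casalsmd.com",
     "dst_port": 587, "smtp_auth_user": "carolina@casalsmd.com"},
    {"ts": "2020-11-12T10:01:05Z", "src": "10.0.0.15", "dst_host": "www.example.com",
     "dst_port": 443},
    {"ts": "2020-11-12T10:02:17Z", "src": "10.0.0.22", "dst_host": "mail.example.org",
     "dst_port": 587, "smtp_auth_user": "bob@example.org"},
]


def parse_config(text: str) -> Dict[str, str]:
    """Recover Key/value pairs from the flattened report layout."""
    flat = " ".join(line.strip() for line in text.splitlines())
    # Each key is a word followed by ':'; a value runs until the next ' - Key:'.
    pairs = re.findall(r"(\w+):\s*(.*?)\s*(?=-\s*\w+:|$)", flat)
    return {key.lower(): value.rstrip(" -") for key, value in pairs}


def indicators(cfg: Dict[str, str]) -> Dict[str, object]:
    """Network-observable fields only; the password is not something to hunt for."""
    return {
        "host": cfg["host"].lower(),
        "port": int(cfg["port"]),
        "username": cfg["username"].lower(),
    }


def sweep(events: List[Dict[str, object]],
          ioc: Dict[str, object]) -> List[Tuple[Dict[str, object], List[str]]]:
    """Return (event, reasons) for every event touching the exfil channel.

    The host alone is enough to alert: port 587 traffic is normal on most
    networks, but nothing legitimate talks to the stealer's drop mailbox."""
    hits = []
    for ev in events:
        reasons = []
        if str(ev.get("dst_host", "")).lower() == ioc["host"]:
            reasons.append("exfil host")
            if ev.get("dst_port") == ioc["port"]:
                reasons.append("submission port")
        if str(ev.get("smtp_auth_user", "")).lower() == ioc["username"]:
            reasons.append("stolen mailbox credential")
        if reasons:
            hits.append((ev, reasons))
    return hits


if __name__ == "__main__":
    cfg = parse_config(CONFIG_TEXT)
    for ev, why in sweep(SAMPLE_EVENTS, indicators(cfg)):
        print(ev["ts"], ev["src"], "->", ev["dst_host"], ev["dst_port"], "|", ", ".join(why))
```

Only the first constructed record fires; the third one also uses port 587 but a different mail host, which is why the match keys on the host and treats the port and the username as corroborating reasons rather than as triggers on their own.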
Targets
Target: 9f176d02e8b82e189b13f8c947e59973efb2115639f7e21187fe7e419d01c9c2
Size: 1.1MB
MD5: 223188d943b900a8afedb02ff93b5f2a
SHA1: 7637f0303c5f5896a7cf28d3ce5643bf23ee1eaf
SHA256: 9f176d02e8b82e189b13f8c947e59973efb2115639f7e21187fe7e419d01c9c2
SHA512: f84acd2436cf7cb82100341446cf557e1c5953c82318b26088d1f6a4c7398b913f1fd8b0c89af2900627b220f2a2a03cd65294deb4cc69fc77800bd86663f598
Signatures
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.
- Uses the VBS compiler for execution
  The sample starts the Visual Basic compiler that ships with the .NET Framework (vbc.exe) and runs its payload inside that process, so the malicious code executes under a signed Microsoft binary. Together with the SetThreadContext signature below this is the pattern of process hollowing: the compiler is launched, its image is replaced, and execution is redirected to the injected code.
- Adds Run key to start application
  Persistence through a value under the Windows CurrentVersion\Run key, so the payload is relaunched at every logon.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP. The lookup itself is benign traffic; its value is as a correlation signal next to the SMTP exfiltration above.
- Suspicious use of SetThreadContext
  SetThreadContext rewrites the register state of a thread, usually one created suspended. Legitimate software rarely needs it; process hollowing and related injection techniques use it to point the hijacked thread's entry point at injected code.
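The following is an added example, not part of the sandbox report: it expresses the behavioural signatures above as checks over constructed Sysmon-style events (Sysmon event IDs 1 process create, 13 registry value set and 22 DNS query are real event types; the records, paths, SID and Run value name are constructed). SetThreadContext is an API-level behaviour that Sysmon does not log and browser file reads are likewise invisible to it, so the example looks for the observable side effect instead: a .NET compiler process started by something that is not a build tool, which then performs the persistence and IP lookup. The IP lookup domains and the set of build-tool parents are assumptions for the example, since the report names neither.

```python
"""Added example (not part of the sandbox report): evaluate the report's
behavioural signatures against constructed Sysmon-style events."""
from typing import Dict, List

SAMPLE_EXE = "9f176d02e8b82e189b13f8c947e59973efb2115639f7e21187fe7e419d01c9c2.exe"
SAMPLE_PATH = r"C:\Users\victim\Desktop" + "\\" + SAMPLE_EXE
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"

# Assumptions, not from the report: it only says "a legitimate IP lookup
# service" and names no parent process, so these sets are illustrative.
IP_LOOKUP_DOMAINS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ipinfo.io"}
COMPILERS = {"vbc.exe", "csc.exe"}
BUILD_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}
RUN_KEY_FRAGMENT = "\\software\\microsoft\\windows\\currentversion\\run\\"

# Constructed events shaped like Sysmon fields (Image, ParentImage, TargetObject, QueryName).
EVENTS: List[Dict[str, object]] = [
    {"id": 1, "image": SAMPLE_PATH, "parent": r"C:\Windows\explorer.exe"},
    {"id": 1, "image": VBC, "parent": SAMPLE_PATH},
    {"id": 13, "image": VBC,
     "target": r"HKU\S-1-5-21-1004336348-1177238915-682003330-1001"
               r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"id": 22, "image": VBC, "query": "checkip.dyndns.org"},
    # Benign: a developer build, same compiler family but a build-tool parent.
    {"id": 1, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe",
     "parent": r"C:\Program Files\Microsoft Visual Studio\2019\Community\Common7\IDE\devenv.exe"},
]


def basename(path: object) -> str:
    """Lower-cased file name of a Windows path ('' or None give '')."""
    return str(path or "").rsplit("\\", 1)[-1].lower()


def evaluate(events: List[Dict[str, object]]) -> Dict[str, List[Dict[str, object]]]:
    """Return {signature name from the report: events that satisfy it}."""
    hits: Dict[str, List[Dict[str, object]]] = {}
    for ev in events:
        # A compiler launched by anything other than a build tool is the
        # observable trace of the hollowed vbc.exe described in the report.
        if (ev["id"] == 1 and basename(ev.get("image")) in COMPILERS
                and basename(ev.get("parent")) not in BUILD_PARENTS):
            hits.setdefault("Uses the VBS compiler for execution", []).append(ev)
        if ev["id"] == 13 and RUN_KEY_FRAGMENT in str(ev.get("target", "")).lower():
            hits.setdefault("Adds Run key to start application", []).append(ev)
        if ev["id"] == 22 and str(ev.get("query", "")).lower() in IP_LOOKUP_DOMAINS:
            hits.setdefault("Looks up external IP address via web service", []).append(ev)
    return hits


def hollowed_actors(events: List[Dict[str, object]]) -> List[str]:
    """Images that were flagged as suspicious compiler launches and then
    produced registry or DNS events themselves: the injected process acting."""
    flagged = {str(ev["image"]) for ev in
               evaluate(events).get("Uses the VBS compiler for execution", [])}
    return sorted({str(ev["image"]) for ev in events
                   if ev["id"] in (13, 22) and str(ev.get("image")) in flagged})


if __name__ == "__main__":
    for name, matched in evaluate(EVENTS).items():
        print(f"{name}: {len(matched)} event(s)")
    print("acting after injection:", hollowed_actors(EVENTS))
```

The benign csc.exe launch from devenv.exe is not flagged, while vbc.exe started by the sample is; the persistence and the IP lookup are then attributed to that compiler process rather than to the original executable, which is what an analyst should expect once a hollowed host process has taken over.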