General
Target: 8a963855d2bde20c811dd80f6403b2a40779094bcd0d4dee0315b1e928fe5ef2
Size: 1.5MB
Sample: 201112-sjpah11jfj
MD5: cb001e8ea5a6ec3a3c2a0cc1464fcf94
SHA1: 972ecdb4dacdea14bd6e1d23a2e6e8e5ff3554f3
SHA256: 8a963855d2bde20c811dd80f6403b2a40779094bcd0d4dee0315b1e928fe5ef2
SHA512: bb9c5db21e84b327dbc06ef63dc01082dd5adbe9ac97de66384911c23f59b739fd2dcf35b34844aa8cc8aa33f40e6f0eda7638e39d16d446bfcb9e3fab2b3f0d
Static task: static1
Behavioral task: behavioral1
Sample: 8a963855d2bde20c811dd80f6403b2a40779094bcd0d4dee0315b1e928fe5ef2.exe
Resource: win7v20201028
Malware Config
Targets
- Target: 8a963855d2bde20c811dd80f6403b2a40779094bcd0d4dee0315b1e928fe5ef2
  Size: 1.5MB
  MD5: cb001e8ea5a6ec3a3c2a0cc1464fcf94
  SHA1: 972ecdb4dacdea14bd6e1d23a2e6e8e5ff3554f3
  SHA256: 8a963855d2bde20c811dd80f6403b2a40779094bcd0d4dee0315b1e928fe5ef2
  SHA512: bb9c5db21e84b327dbc06ef63dc01082dd5adbe9ac97de66384911c23f59b739fd2dcf35b34844aa8cc8aa33f40e6f0eda7638e39d16d446bfcb9e3fab2b3f0d
  - Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
  - Uses the VBS compiler for execution
  - Adds Run key to start application
  - Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
  - Suspicious use of SetThreadContext