General
- Target: 7f5ae904bdf9d8cac002b585478ff9ce90ca4c4010b7759b7e36439bd565ed6f
- Size: 1.1MB
- Sample: 201112-xckhn8fvdx
- MD5: e452fc00c57b8434ad18220ee56f26e0
- SHA1: 6134dfdbef4ab5c9f686403236bdee856d13f80d
- SHA256: 7f5ae904bdf9d8cac002b585478ff9ce90ca4c4010b7759b7e36439bd565ed6f
- SHA512: 235de8822ff738b5af9095819a3184cf9b05cf0e884e55fb3e048054745b7aaf5671fbe3a64c8671469da5176626e07d1ed6dcd4d50b51dd445ede37e410ceba
Static task: static1
Behavioral task: behavioral1
- Sample: 7f5ae904bdf9d8cac002b585478ff9ce90ca4c4010b7759b7e36439bd565ed6f.exe
- Resource: win7v20201028
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.casalsmd.com
- Port: 587
- Username: carolina@casalsmd.com
- Password: Carolina123
Targets
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext