General
- Target: 5b5c40a87df0ef2e2bf553025033885176bb0e016fb1f9661d8131be6b46764a
- Size: 1.1MB
- Sample: 201113-8axcpey71e
- MD5: a65c60e28553d2f1b3109cf00a7130d3
- SHA1: 34794cf2cadaad7d4681b9940cc880389bc33e37
- SHA256: 5b5c40a87df0ef2e2bf553025033885176bb0e016fb1f9661d8131be6b46764a
- SHA512: 6b05f3e0ab05a8887a37a5e4baaf93c4769c28ed4a9f14de055959308dc25bdcd9dcb6edf0ba6440b489fc04bd3640239c6fc695eba748c33f73d92b2061e2bd
Static task: static1
Behavioral task: behavioral1
- Sample: 5b5c40a87df0ef2e2bf553025033885176bb0e016fb1f9661d8131be6b46764a.exe
- Resource: win7v20201028
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.casalsmd.com
- Port: 587
- Username: carolina@casalsmd.com
- Password: Carolina123
Targets
- Target: 5b5c40a87df0ef2e2bf553025033885176bb0e016fb1f9661d8131be6b46764a
- Size: 1.1MB
- MD5: a65c60e28553d2f1b3109cf00a7130d3
- SHA1: 34794cf2cadaad7d4681b9940cc880389bc33e37
- SHA256: 5b5c40a87df0ef2e2bf553025033885176bb0e016fb1f9661d8131be6b46764a
- SHA512: 6b05f3e0ab05a8887a37a5e4baaf93c4769c28ed4a9f14de055959308dc25bdcd9dcb6edf0ba6440b489fc04bd3640239c6fc695eba748c33f73d92b2061e2bd
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext