General
- Target: 78f2928a8650e66c9701ca99334a70ef309ff551d2932f2819e80125028a8164
- Size: 1.1MB
- Sample: 201113-hxd3mxpe4s
- MD5: 989e7890bf658ab56ee9eec72cd8483b
- SHA1: 777fb8de248994011e1fbce4502c00de9ca0d976
- SHA256: 78f2928a8650e66c9701ca99334a70ef309ff551d2932f2819e80125028a8164
- SHA512: 3a747302ddfeb82a9df59096b84324775be29ad8c89f6bf8bb0e9a9af62f8a31f9378928f4dc7672d6ee99b0a118812f0ad1c82e1077fe99643acf2c5e00aec3
Static task: static1
Behavioral task: behavioral1
- Sample: 78f2928a8650e66c9701ca99334a70ef309ff551d2932f2819e80125028a8164.exe
- Resource: win7v20201028
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.casalsmd.com
- Port: 587
- Username: carolina@casalsmd.com
- Password: Carolina123
Targets
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext