General
-
Target
4aa2ba898c0c924d352ab195b280922a85b97970a6fa03183b6a717c547c9173
-
Size
1.1MB
-
Sample
201113-kv5ll2bjzj
-
MD5
b6b3d6cdf1a21f110cad0f4102fa7385
-
SHA1
dd087f9b2c4030ab6d441625f42d7bf472904a25
-
SHA256
4aa2ba898c0c924d352ab195b280922a85b97970a6fa03183b6a717c547c9173
-
SHA512
441dccc43da695a20621c9ecb95b3713eff9fe1bc8167950878199b9bf785eb8e2879b671375fbec046c632be94c652a0c5cc331268ba8cfe59fe38e801a47ca
Static task
static1
Behavioral task
behavioral1
Sample
4aa2ba898c0c924d352ab195b280922a85b97970a6fa03183b6a717c547c9173.exe
Resource
win7v20201028
Malware Config
Extracted
Protocol: smtp- Host:
smtp.casalsmd.com - Port:
587 - Username:
carolina@casalsmd.com - Password:
Carolina123
Targets
-
-
Target
4aa2ba898c0c924d352ab195b280922a85b97970a6fa03183b6a717c547c9173
-
Size
1.1MB
-
MD5
b6b3d6cdf1a21f110cad0f4102fa7385
-
SHA1
dd087f9b2c4030ab6d441625f42d7bf472904a25
-
SHA256
4aa2ba898c0c924d352ab195b280922a85b97970a6fa03183b6a717c547c9173
-
SHA512
441dccc43da695a20621c9ecb95b3713eff9fe1bc8167950878199b9bf785eb8e2879b671375fbec046c632be94c652a0c5cc331268ba8cfe59fe38e801a47ca
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-