General
- Target: Enquiry_pdf.exe
- Size: 957KB
- Sample: 201113-p9qqrl97je
- MD5: a8698b599aeab36b4e316b6ff1eb4169
- SHA1: 0caa2ab74a8c5c3bd83dc0bb9fe88da205767b2b
- SHA256: 20485e51c68bc57a9bbb2dff973ea7eecd96cf6e74272aa9f92a27c3259d7620
- SHA512: 828ab8fcef818be538e35f541b7e766cf03f6a00758e48bc9fe19e43966219cf7397f9c1d65167723fcad9120a245b2cfdc01c2148040dc190805a9310a77e87
Static task: static1
Behavioral task: behavioral1
- Sample: Enquiry_pdf.exe
- Resource: win7v20201028
Malware Config
Extracted
- Protocol: smtp
- Host: mail.foodprocessorsng.org
- Port: 587
- Username: members@foodprocessorsng.org
- Password: Food123Member
Targets
- Target: Enquiry_pdf.exe
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Uses the VBS compiler for execution
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext