General
- Target: e5c3dfaff91dff6288a74933d6153f6ce498970a06016168840da65290765fa7
- Size: 1.1MB
- Sample: 201113-pfvh95p1ge
- MD5: 82871b4cfecba1ab1f10cd22e0dd1ee8
- SHA1: 891bf6d956808e638d296c9a90f5aa331f781998
- SHA256: e5c3dfaff91dff6288a74933d6153f6ce498970a06016168840da65290765fa7
- SHA512: b7ef604e87ddf2c1fcf9bea71fcb0d4eecc25a2db90f92f99bc9f816249075029e2baad308fb1e86a03541dfb473b9ff8e3a8ee2aa4b9fd84b445e896c761511
Static task: static1
Behavioral task: behavioral1
- Sample: e5c3dfaff91dff6288a74933d6153f6ce498970a06016168840da65290765fa7.exe
- Resource: win7v20201028
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.casalsmd.com
- Port: 587
- Username: carolina@casalsmd.com
- Password: Carolina123
Targets
- Target: e5c3dfaff91dff6288a74933d6153f6ce498970a06016168840da65290765fa7
- Size: 1.1MB
- MD5: 82871b4cfecba1ab1f10cd22e0dd1ee8
- SHA1: 891bf6d956808e638d296c9a90f5aa331f781998
- SHA256: e5c3dfaff91dff6288a74933d6153f6ce498970a06016168840da65290765fa7
- SHA512: b7ef604e87ddf2c1fcf9bea71fcb0d4eecc25a2db90f92f99bc9f816249075029e2baad308fb1e86a03541dfb473b9ff8e3a8ee2aa4b9fd84b445e896c761511

- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext