General
- Target: 233f1b763369bcb5b0033a38bead6623168e017eb89da62ac58801606a76d452
- Size: 993KB
- Sample: 201114-4ky4yd2q3j
- MD5: fce86caf8506a0d1d773556a5f096aef
- SHA1: 65a7a6200de011ae58558935744eb095a9fdfaf3
- SHA256: 233f1b763369bcb5b0033a38bead6623168e017eb89da62ac58801606a76d452
- SHA512: 637074a7848c814fc05d1430562d648b4b7fde948e02c3949d509807d39f4484a81a85715a7d236c48541872480084bfc37d235494ff405fb2ca57939398ea20
Static task: static1
Behavioral task: behavioral1
- Sample: 233f1b763369bcb5b0033a38bead6623168e017eb89da62ac58801606a76d452.exe
- Resource: win7v20201028
Malware Config
Extracted
- Protocol: smtp
- Host: mail.iigcest.com
- Port: 587
- Username: ansaf@iigcest.com
- Password: Ans2016@
Targets
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext