General
Target: 9a307ff705e2a745e18ada695dc558e509d6237cde4ddaadd9014790faa8c4ab
Size: 1.1MB
Sample: 201114-6zr4dfbj36
MD5: fa45eb7c0b88ebbd6546326782b87842
SHA1: ef342f1963a3e881ff9753f580036eeffa0c81d7
SHA256: 9a307ff705e2a745e18ada695dc558e509d6237cde4ddaadd9014790faa8c4ab
SHA512: 4c8f91872a72684f2960d452a7607378732c422ce1669d84abab28b70778a4a59e0a5f0653acfa0b33e6609066774c8ea013da7f7237f247ec0deabb42af124d

Static task: static1
Behavioral task: behavioral1
Sample: 9a307ff705e2a745e18ada695dc558e509d6237cde4ddaadd9014790faa8c4ab.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: smtp.casalsmd.com
Port: 587
Username: carolina@casalsmd.com
Password: Carolina123
Targets
Target: 9a307ff705e2a745e18ada695dc558e509d6237cde4ddaadd9014790faa8c4ab
Size: 1.1MB
MD5: fa45eb7c0b88ebbd6546326782b87842
SHA1: ef342f1963a3e881ff9753f580036eeffa0c81d7
SHA256: 9a307ff705e2a745e18ada695dc558e509d6237cde4ddaadd9014790faa8c4ab
SHA512: 4c8f91872a72684f2960d452a7607378732c422ce1669d84abab28b70778a4a59e0a5f0653acfa0b33e6609066774c8ea013da7f7237f247ec0deabb42af124d
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext