General
Target: 37e764aee783ccadfde4fc15bdada66d96686c262f903e66133a09ba9a01324c
Size: 1023KB
Sample: 201114-8pzskmlapx
MD5: 8127da11119abfc8b94d75c0607a705e
SHA1: 801168ddf73783ffff14afc5d7188629a45fa8c0
SHA256: 37e764aee783ccadfde4fc15bdada66d96686c262f903e66133a09ba9a01324c
SHA512: 3ffdebc4f0770e2fcdfd642e098e566f970c7af7bea10107ce74492c60381bdabf105fb7adccc055bae637155fab9146ec74f11ab4f926d1edb086e643f4d5fe
Static task: static1
Behavioral task: behavioral1
Sample: 37e764aee783ccadfde4fc15bdada66d96686c262f903e66133a09ba9a01324c.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: smtp.casalsmd.com
Port: 587
Username: carolina@casalsmd.com
Password: Carolina123
The extracted SMTP account is the exfiltration channel: outbound connections from endpoints to smtp.casalsmd.com on port 587 are the network indicator to block and alert on.
Targets
Target: 37e764aee783ccadfde4fc15bdada66d96686c262f903e66133a09ba9a01324c
- Reads user/profile data of web browsers: infostealers commonly harvest stored browser profile data, which can include saved credentials.
- Uses the VBS compiler for execution: vbc.exe is a signed Microsoft binary, so the anomaly to hunt for is a compiler process launched by an executable in a user directory with nothing to compile.
- Adds Run key to start application: persistence through a CurrentVersion\Run registry entry.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP. The service itself is benign, so the indicator is which process makes the request, not the destination.
- Suspicious use of SetThreadContext: setting another thread's context is typical of process hollowing and other code injection; confirm the target process in the API trace before treating it as injection.
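The extracted SMTP configuration and the behaviour list above, as an added example that is not part of the sandbox report: a Python script that parses the report's config block into an exfiltration IOC and replays each reported behaviour against constructed host telemetry. The event schema, the file paths, the Run key path, the vbc.exe location and the IP-lookup service names are assumptions for illustration; the report names none of them, and SetThreadContext is only visible in API-level traces, not in standard Windows event logs.

```python
"""Added example (not part of the sandbox report): parse the report's extracted
SMTP config into an IOC and check constructed telemetry for the reported
behaviours. Paths, service names and the event schema are assumptions."""
import re

# Extracted config copied verbatim from the report, line breaks included.
EXTRACTED_CONFIG = """Protocol: smtp- Host:
smtp.casalsmd.com - Port:
587 - Username:
carolina@casalsmd.com - Password:
Carolina123"""

# Assumption: common external-IP lookup services; the report does not say
# which one the sample contacted.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com",
                   "ip-api.com", "ipinfo.io"}

# Assumption: typical browser credential stores an infostealer reads.
BROWSER_STORE_MARKERS = ("\\User Data\\Default\\Login Data",
                         "\\Mozilla\\Firefox\\Profiles\\", "logins.json")

RUN_KEY = "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"


def parse_extracted_config(text):
    """Parse the 'Key: value - Key: value' form into a dict. The separators
    are a mix of '- ' and ' - ' with line breaks, so whitespace is normalised
    first and each value runs up to the next 'Key:' token."""
    flat = " ".join(text.split())
    pattern = re.compile(r"(\w+):\s*(.+?)\s*-?\s*(?=\w+:|$)")
    return {key: value for key, value in pattern.findall(flat)}


def exfil_destination(cfg):
    """Network IOC for the exfil channel as (host, port, protocol)."""
    return (cfg["Host"].lower(), int(cfg["Port"]), cfg["Protocol"].lower())


def evaluate(events, cfg):
    """Map telemetry events to the report's behaviours; returns the set of
    behaviour names that fired so the result can be asserted on."""
    host, port, _ = exfil_destination(cfg)
    hits = set()
    for ev in events:
        kind = ev["type"]
        if kind == "process" and ev["image"].lower().endswith("\\vbc.exe"):
            hits.add("vbc_host")
        elif kind == "registry" and RUN_KEY.lower() in ev["key"].lower():
            hits.add("run_key_persistence")
        elif kind == "file" and any(m.lower() in ev["path"].lower()
                                    for m in BROWSER_STORE_MARKERS):
            hits.add("browser_data_read")
        elif kind == "network":
            dst = ev["dst_host"].lower()
            if dst in IP_LOOKUP_HOSTS:
                hits.add("external_ip_lookup")
            if dst == host and ev["dst_port"] == port:
                hits.add("smtp_exfil_to_configured_host")
        elif (kind == "api" and ev["api"] == "SetThreadContext"
              and ev.get("target_pid") != ev["pid"]):
            # Writing another process's thread context is the classic
            # precursor to process hollowing; same-process use is benign.
            hits.add("set_thread_context_cross_process")
    return hits


# Constructed telemetry in a Sysmon-like shape (assumed schema and paths).
SAMPLE_EXE = ("C:\\Users\\user\\Desktop\\37e764aee783ccadfde4fc15bdada66d"
              "96686c262f903e66133a09ba9a01324c.exe")
SAMPLE_EVENTS = [
    {"type": "process", "pid": 1200, "parent_image": SAMPLE_EXE,
     "image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe"},
    {"type": "api", "pid": 1100, "target_pid": 1200, "api": "SetThreadContext"},
    {"type": "registry", "pid": 1200,
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\update"},
    {"type": "file", "pid": 1200,
     "path": "C:\\Users\\user\\AppData\\Local\\Google\\Chrome\\User Data"
             "\\Default\\Login Data"},
    {"type": "network", "pid": 1200, "dst_host": "api.ipify.org", "dst_port": 80},
    {"type": "network", "pid": 1200, "dst_host": "smtp.casalsmd.com",
     "dst_port": 587},
]

if __name__ == "__main__":
    cfg = parse_extracted_config(EXTRACTED_CONFIG)
    print("exfil destination:", exfil_destination(cfg))
    for name in sorted(evaluate(SAMPLE_EVENTS, cfg)):
        print("behaviour:", name)
```

Running the script prints the SMTP destination and the six behaviours that fire on the constructed events; on real telemetry the two worth paging on are the vbc.exe child of a user-directory executable and any connection to the configured SMTP host, since the IP lookup and Run key alone are too common to act on.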