General

Target: 6144777174bede752f4db8fdddbccd2aa5fe4532491b8b351bd3a67bc1f0de2b
Size: 1.0MB
Sample: 201114-exk9cn7ejj
MD5: ba6d7442594e9953cde6bc7f376ccbb6
SHA1: 933aaccb99adb26e2061e89294649e633899cce4
SHA256: 6144777174bede752f4db8fdddbccd2aa5fe4532491b8b351bd3a67bc1f0de2b
SHA512: 0d2ff256b0dd26d1fdebd29405d6531297b711ab6d9dd9d62d3de1c545c29798aaceab8aaca9fd068bd768283d0bd3fce87861f29206a096039fe52380e291a2
Static task: static1
Behavioral task: behavioral1
Sample: 6144777174bede752f4db8fdddbccd2aa5fe4532491b8b351bd3a67bc1f0de2b.exe
Resource: win7v20201028
Malware Config

Extracted

Protocol: smtp
Host: smtp.casalsmd.com
Port: 587
Username: carolina@casalsmd.com
Password: Carolina123

These are the SMTP submission credentials embedded in the sample for sending collected data out through the casalsmd.com mailbox. Block the host and report the mailbox to the provider; do not authenticate to it yourself, since logging in to a third party's account is unauthorised access even when the credentials came from malware.
Targets

Target: 6144777174bede752f4db8fdddbccd2aa5fe4532491b8b351bd3a67bc1f0de2b
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers target stored browser profile data, which can include saved credentials, cookies and autofill form data.
- Uses the VBS compiler for execution
  vbc.exe is a signed Microsoft binary; when it starts under a non-developer parent with no source file on its command line, treat it as a likely host for injected code rather than a real compile.
- Adds Run key to start application
  Persistence through the ...\CurrentVersion\Run registry key, so the dropped executable is relaunched at logon.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
  Setting the context of another process's thread is the step by which process hollowing and similar injection techniques redirect execution into code written by the injector; taken together with the vbc.exe launch above, it is the pattern to check for in the process tree.
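Detection logic for the behaviour chain this report records (dropped EXE executed, Run-key persistence, vbc.exe started under the sample, external-IP lookup, SMTP submission to the extracted host), as an added example written for this page; it is not sandbox output and not the sample's code. The event log is constructed Sysmon-style JSON with assumed field names, the root pid is assumed, and the IP-lookup host list is an assumed set of well-known services because the report does not name the one the sample used. The SMTP host and port are the ones from the extracted config above.

```python
"""Correlate host/network events from one process tree into the behaviours
this report lists. Added example for this page; not sandbox or sample code."""
import json
from collections import defaultdict
from typing import Dict, List

# Values taken from the extracted config above.
EXFIL_SMTP_HOST = "smtp.casalsmd.com"
EXFIL_SMTP_PORT = 587
# Assumption: the report does not name the IP lookup service used; these are
# common ones an analyst would check for.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "icanhazip.com", "ipinfo.io"}
RUN_KEY_SUFFIX = "\\currentversion\\run"
SMTP_PORTS = {25, 465, 587}

# Constructed Sysmon-style events (not sandbox output); field names are assumptions.
# Events 9-10 are a benign mail client on the same host and must not be flagged.
SAMPLE_LOG = r"""
{"id": 1, "type": "process", "pid": 100, "ppid": 1, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe", "cmdline": "sample.exe"}
{"id": 2, "type": "file_write", "pid": 100, "path": "C:\\Users\\u\\AppData\\Roaming\\svchost.exe"}
{"id": 3, "type": "process", "pid": 200, "ppid": 100, "image": "C:\\Users\\u\\AppData\\Roaming\\svchost.exe", "cmdline": "svchost.exe"}
{"id": 4, "type": "registry", "pid": 200, "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run", "value": "svchost", "data": "C:\\Users\\u\\AppData\\Roaming\\svchost.exe"}
{"id": 5, "type": "process", "pid": 300, "ppid": 200, "image": "C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\vbc.exe", "cmdline": "vbc.exe"}
{"id": 6, "type": "network", "pid": 300, "dest_host": "api.ipify.org", "dest_port": 443}
{"id": 7, "type": "network", "pid": 300, "dest_host": "smtp.casalsmd.com", "dest_port": 587}
{"id": 8, "type": "file_delete", "pid": 200, "path": "C:\\Users\\u\\AppData\\Local\\Temp\\sample.exe"}
{"id": 9, "type": "process", "pid": 500, "ppid": 1, "image": "C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE", "cmdline": "outlook.exe"}
{"id": 10, "type": "network", "pid": 500, "dest_host": "smtp.office365.com", "dest_port": 587}
"""


def parse_events(log_text: str) -> List[dict]:
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in log_text.strip().splitlines() if line.strip()]


def process_tree(events: List[dict], root_pid: int) -> set:
    """Pids of root_pid and everything it transitively spawned."""
    children = defaultdict(list)
    for e in events:
        if e["type"] == "process":
            children[e["ppid"]].append(e["pid"])
    tree, stack = set(), [root_pid]
    while stack:
        pid = stack.pop()
        if pid not in tree:
            tree.add(pid)
            stack.extend(children[pid])
    return tree


def correlate(log_text: str, root_pid: int) -> Dict[str, List[int]]:
    """Map each matched behaviour to the ids of the events that triggered it.
    Only events inside the sample's process tree are considered, so a mail
    client talking to port 587 elsewhere on the host is not flagged."""
    events = parse_events(log_text)
    tree = process_tree(events, root_pid)
    dropped_exes: set = set()      # executable paths written by the tree
    images: Dict[int, str] = {}    # pid -> image path for processes in the tree
    hits: Dict[str, List[int]] = defaultdict(list)
    for e in events:
        if e["pid"] not in tree:
            continue
        kind = e["type"]
        if kind == "file_write" and e["path"].lower().endswith(".exe"):
            dropped_exes.add(e["path"].lower())
        elif kind == "process":
            image = e["image"].lower()
            images[e["pid"]] = image
            if image in dropped_exes:            # a file the tree wrote is now running
                hits["Executes dropped EXE"].append(e["id"])
            if image.endswith("\\vbc.exe"):       # compiler launched by a non-developer parent
                hits["Uses the VBS compiler for execution"].append(e["id"])
        elif kind == "registry" and RUN_KEY_SUFFIX in e["key"].lower() and e["data"].lower().endswith(".exe"):
            hits["Adds Run key to start application"].append(e["id"])
        elif kind == "network":
            host = e["dest_host"].lower()
            if host in IP_LOOKUP_HOSTS:
                hits["Looks up external IP address via web service"].append(e["id"])
            if e["dest_port"] in SMTP_PORTS:
                if host == EXFIL_SMTP_HOST and e["dest_port"] == EXFIL_SMTP_PORT:
                    hits["SMTP to extracted exfil host"].append(e["id"])
                else:
                    hits["SMTP submission from sample process tree"].append(e["id"])
        elif kind == "file_delete" and e["path"].lower() in images.values():
            hits["Deletes itself"].append(e["id"])   # the tree removed one of its own images
    return dict(hits)


if __name__ == "__main__":
    for behaviour, ids in correlate(SAMPLE_LOG, root_pid=100).items():
        print(f"{behaviour}: events {ids}")
```

Scoping every rule to the sample's process tree is what keeps the SMTP rule usable: port 587 traffic is normal on a workstation, and it becomes a finding only when the connecting process descends from the dropper.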