General
Target: 1532c731a4a27f84217899e49abaf03a3913765074700b7f896f246715a64cb6
Size: 962KB
Sample: 201114-k6e58cc8da
MD5: cdf406d710f0927d0c3da612522ecf81
SHA1: adb902ad470511d4c47923d0a3637428f59b8dff
SHA256: 1532c731a4a27f84217899e49abaf03a3913765074700b7f896f246715a64cb6
SHA512: 288dc89a4f5421488a2faffdaedd047093d340593a851c46e6f2fe57cd8b7e0ab93b44233633928451d403c764f6741aeece631bb6fb315f338c0fc6d2969cbd
Static task: static1
Behavioral task: behavioral1
Sample: 1532c731a4a27f84217899e49abaf03a3913765074700b7f896f246715a64cb6.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: smtp.casalsmd.com
Port: 587
Username: carolina@casalsmd.com
Password: Carolina123
Targets
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP address.
- Suspicious use of SetThreadContext