General
-
Target
47461814a24f2d54783d635bfc96976a78fd08eeb04a74a60a5dc0315c82cde1
-
Size
963KB
-
Sample
201114-ljzr4f4fln
-
MD5
e3dc8a06c6868795cb371abb1a5f7c77
-
SHA1
ef5ddff29f5c777062e54c97f17eeb238c41e7cf
-
SHA256
47461814a24f2d54783d635bfc96976a78fd08eeb04a74a60a5dc0315c82cde1
-
SHA512
8a0d21e1860fb75543fa1d27c416fcd01fe980d1c4e8fa4c0cf8dbfb418e1a187f8e93908c25332b6709783d73663e9b0e34d83387d639f582f8a718a85bdd98
Static task
static1
Behavioral task
behavioral1
Sample
47461814a24f2d54783d635bfc96976a78fd08eeb04a74a60a5dc0315c82cde1.exe
Resource
win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: smtp.casalsmd.com
Port: 587
Username: carolina@casalsmd.com
Password: Carolina123
Targets
-
Target
47461814a24f2d54783d635bfc96976a78fd08eeb04a74a60a5dc0315c82cde1
-
Size
963KB
-
MD5
e3dc8a06c6868795cb371abb1a5f7c77
-
SHA1
ef5ddff29f5c777062e54c97f17eeb238c41e7cf
-
SHA256
47461814a24f2d54783d635bfc96976a78fd08eeb04a74a60a5dc0315c82cde1
-
SHA512
8a0d21e1860fb75543fa1d27c416fcd01fe980d1c4e8fa4c0cf8dbfb418e1a187f8e93908c25332b6709783d73663e9b0e34d83387d639f582f8a718a85bdd98
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers commonly harvest stored browser data such as saved credentials, cookies and autofill entries.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on the main thread of a suspended child process is a common step in process hollowing, where a legitimate process image is replaced with attacker-supplied code before the thread is resumed.
-
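The extracted config and the network behaviours above (external-IP lookup, then SMTP submission to smtp.casalsmd.com:587) are enough to build a small correlation rule. The following is an added example, not code from the sandbox or the report: it runs two checks over constructed Zeek-style records, a direct match on the extracted exfil host and account, and a behavioural rule that flags a host doing an external-IP lookup followed within ten minutes by port-587 SMTP to a non-allowlisted server. The report does not name the IP-lookup service the sample used, so the lookup hostnames, the allowlisted relay and all log records are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# IOC values taken from the report's extracted malware config.
EXFIL_HOST = "smtp.casalsmd.com"
EXFIL_PORT = 587
EXFIL_USER = "carolina@casalsmd.com"

# Assumption: the report does not say which lookup service the sample hit;
# these are commonly abused ones, listed only to make the rule concrete.
IP_LOOKUP_HOSTS = {"checkip.dyndns.org", "api.ipify.org", "icanhazip.com", "ip-api.com"}

# Assumption: the organisation's legitimate mail-submission relays.
ALLOWED_SMTP = {"smtp.office365.com"}

WINDOW = timedelta(minutes=10)

# Constructed Zeek-style records (dns/conn/smtp), not real captures.
SAMPLE_LOGS = [
    {"ts": "2020-11-14T10:00:01", "log": "dns",  "src": "10.0.0.5", "query": "checkip.dyndns.org"},
    {"ts": "2020-11-14T10:00:02", "log": "conn", "src": "10.0.0.5", "dst_host": "checkip.dyndns.org", "dst_port": 80},
    {"ts": "2020-11-14T10:00:20", "log": "dns",  "src": "10.0.0.5", "query": "smtp.casalsmd.com"},
    {"ts": "2020-11-14T10:00:21", "log": "smtp", "src": "10.0.0.5", "dst_host": "smtp.casalsmd.com", "dst_port": 587, "user": "carolina@casalsmd.com"},
    {"ts": "2020-11-14T11:30:00", "log": "smtp", "src": "10.0.0.9", "dst_host": "smtp.office365.com", "dst_port": 587, "user": "alice@corp.example"},
    {"ts": "2020-11-14T12:00:00", "log": "dns",  "src": "10.0.0.7", "query": "api.ipify.org"},
]


def _ts(rec):
    return datetime.fromisoformat(rec["ts"])


def ioc_matches(logs):
    """Rule 1: any DNS query, connection or SMTP session touching the
    extracted exfil host or mailbox account."""
    return [
        rec for rec in logs
        if rec.get("dst_host") == EXFIL_HOST
        or rec.get("query") == EXFIL_HOST
        or rec.get("user") == EXFIL_USER
    ]


def lookup_then_smtp(logs, window=WINDOW):
    """Rule 2: per source host, an external-IP lookup followed within
    `window` by SMTP submission (port 587) to a non-allowlisted server.
    One finding per SMTP session, paired with the closest preceding lookup."""
    by_src = {}
    for rec in sorted(logs, key=_ts):
        by_src.setdefault(rec["src"], []).append(rec)

    findings = []
    for src, recs in by_src.items():
        lookups = [r for r in recs
                   if r.get("query") in IP_LOOKUP_HOSTS or r.get("dst_host") in IP_LOOKUP_HOSTS]
        smtps = [r for r in recs
                 if r.get("dst_port") == EXFIL_PORT and r.get("dst_host") not in ALLOWED_SMTP]
        for sm in smtps:
            prior = [lk for lk in lookups if timedelta(0) <= _ts(sm) - _ts(lk) <= window]
            if prior:
                lk = prior[-1]  # lookups are time-ordered, so this is the nearest one
                findings.append({
                    "src": src,
                    "lookup": lk,
                    "smtp": sm,
                    "seconds": (_ts(sm) - _ts(lk)).total_seconds(),
                })
    return findings


def triage(logs):
    """Combine both rules into a per-source list of rule names that fired."""
    verdicts = {}
    for rec in ioc_matches(logs):
        verdicts.setdefault(rec["src"], set()).add("exfil_config_match")
    for f in lookup_then_smtp(logs):
        verdicts.setdefault(f["src"], set()).add("iplookup_then_smtp")
    return {src: sorted(rules) for src, rules in verdicts.items()}


if __name__ == "__main__":
    for src, rules in triage(SAMPLE_LOGS).items():
        print(src, rules)
```

On the constructed records only 10.0.0.5 fires: it matches the extracted config directly and also shows the lookup-then-submit pattern 19 seconds apart. The host that only queried an IP-lookup service and the host that submitted mail through the allowlisted relay are not flagged, which is the point of pairing the two events rather than alerting on either alone.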