General
- Target: ec021f264e15c9d1c6cf8a5b12325f76d3218abc56927abd63180c3067d24938
- Size: 1.1MB
- Sample: 201115-atw27pkxyx
- MD5: ae1a45894dba2a1a2c003cadd08a2821
- SHA1: 7ea24923c3403fb72dd186a85221a6e077165b69
- SHA256: ec021f264e15c9d1c6cf8a5b12325f76d3218abc56927abd63180c3067d24938
- SHA512: 1f0e4c19e8533a09e4e6ea034a0877ce27d89f9b1c8a7cff88bc35ac892703282d6627005ce219ed63d253c9cd3bd703b292bb583b1d9f17f9c6994338bfe8db
Static task: static1
Behavioral task: behavioral1
- Sample: ec021f264e15c9d1c6cf8a5b12325f76d3218abc56927abd63180c3067d24938.exe
- Resource: win7v20201028
Malware Config
Extracted
- Protocol: smtp
- Host: smtp.casalsmd.com
- Port: 587
- Username: carolina@casalsmd.com
- Password: Carolina123
Targets
- Target: ec021f264e15c9d1c6cf8a5b12325f76d3218abc56927abd63180c3067d24938
- Size: 1.1MB
- MD5: ae1a45894dba2a1a2c003cadd08a2821
- SHA1: 7ea24923c3403fb72dd186a85221a6e077165b69
- SHA256: ec021f264e15c9d1c6cf8a5b12325f76d3218abc56927abd63180c3067d24938
- SHA512: 1f0e4c19e8533a09e4e6ea034a0877ce27d89f9b1c8a7cff88bc35ac892703282d6627005ce219ed63d253c9cd3bd703b292bb583b1d9f17f9c6994338bfe8db
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext