General
-
Target
6351df97ad5c397ca6f90b7344b534dd95ad10e3945dce4766c52615af96ba86
-
Size
1.5MB
-
Sample
201115-dw7fhwgx52
-
MD5
2ebcbce3a454b07ae4bef1f9bdf1aeed
-
SHA1
203022baa8bd7d52fd1066e9afc99b1039e6707e
-
SHA256
6351df97ad5c397ca6f90b7344b534dd95ad10e3945dce4766c52615af96ba86
-
SHA512
890750941efdd6326247a98bd59363a4144e6913add614ebf746360855a13c6c55db03b6e6edc4023d4ec2ac1547dc1bc17df9a0c3925e3d71e93b966554d555
Static task
static1
Behavioral task
behavioral1
Sample
6351df97ad5c397ca6f90b7344b534dd95ad10e3945dce4766c52615af96ba86.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
6351df97ad5c397ca6f90b7344b534dd95ad10e3945dce4766c52615af96ba86
-
Size
1.5MB
-
MD5
2ebcbce3a454b07ae4bef1f9bdf1aeed
-
SHA1
203022baa8bd7d52fd1066e9afc99b1039e6707e
-
SHA256
6351df97ad5c397ca6f90b7344b534dd95ad10e3945dce4766c52615af96ba86
-
SHA512
890750941efdd6326247a98bd59363a4144e6913add614ebf746360855a13c6c55db03b6e6edc4023d4ec2ac1547dc1bc17df9a0c3925e3d71e93b966554d555
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-