General
-
Target
74ac4df1995949478b501f04444e4c09317ded110149f066c8b9c71d2580b004
-
Size
1.1MB
-
Sample
201115-r51q52slwx
-
MD5
c22056ecc2af6ad3d132e7de559cc893
-
SHA1
fca611b97fd08b283819a13b08d075507444e4ab
-
SHA256
74ac4df1995949478b501f04444e4c09317ded110149f066c8b9c71d2580b004
-
SHA512
c284a9ae20f6779a6274a9ba3d2a70f5650f91e90ce72591d9676179aa4845a1fc8c19375a5ac834d4ede67e227084ac5d86d8e98935043427870f56c1667694
Static task
static1
Behavioral task
behavioral1
Sample
74ac4df1995949478b501f04444e4c09317ded110149f066c8b9c71d2580b004.exe
Resource
win7v20201028
Malware Config
Extracted
Protocol: smtp- Host:
smtp.casalsmd.com - Port:
587 - Username:
carolina@casalsmd.com - Password:
Carolina123
Targets
-
-
Target
74ac4df1995949478b501f04444e4c09317ded110149f066c8b9c71d2580b004
-
Size
1.1MB
-
MD5
c22056ecc2af6ad3d132e7de559cc893
-
SHA1
fca611b97fd08b283819a13b08d075507444e4ab
-
SHA256
74ac4df1995949478b501f04444e4c09317ded110149f066c8b9c71d2580b004
-
SHA512
c284a9ae20f6779a6274a9ba3d2a70f5650f91e90ce72591d9676179aa4845a1fc8c19375a5ac834d4ede67e227084ac5d86d8e98935043427870f56c1667694
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-