General
-
Target
cde560b79a71056438ff4bb8e8b754827716ec32daf1c53b4806557007364820
-
Size
1MB
-
Sample
201115-r7s2nq58v2
-
MD5
884ea12c370a9599f41547092ca3aaf9
-
SHA1
e8c76bd28cd2ca9f2fd358adddb418c83a761601
-
SHA256
cde560b79a71056438ff4bb8e8b754827716ec32daf1c53b4806557007364820
-
SHA512
a01f8aedf1f47a461a3344fb12042adfd2727fb1ad5b9b5d5817037bd800bb629b332b7b04aa388b7033ccb48bdfd6db3361292f277bab01192b0a6a3c98b14d
Static task
static1
Behavioral task
behavioral1
Sample
cde560b79a71056438ff4bb8e8b754827716ec32daf1c53b4806557007364820.exe
Resource
win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: smtp.casalsmd.com
Port: 587
Username: carolina@casalsmd.com
Password: Carolina123
This is the SMTP submission account (port 587) the sample uses to mail collected data out; the host and mailbox are indicators for the exfiltration path, and the credentials were recovered in clear text from the sample's configuration.
Targets
-
Target
cde560b79a71056438ff4bb8e8b754827716ec32daf1c53b4806557007364820
-
Signatures
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.
-
Uses the VBS compiler for execution
The sample launches vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework. Stealers commonly start this signed Microsoft binary in a suspended state and inject into it so the payload runs under a trusted process name.
-
Adds Run key to start application
A value written under a ...\CurrentVersion\Run key makes the program start again at every logon, giving the malware persistence across reboots.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP, typically reported alongside the stolen data.
-
Suspicious use of SetThreadContext
Calling SetThreadContext on a thread of another process is the usual final step of process hollowing: the entry point of the suspended child is redirected to the injected code before the thread is resumed. Together with the vbc.exe launch this matches the injection pattern above.
-
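The signature list above maps directly onto host telemetry. The following is an added example, not part of the sandbox report and not the sandbox's own signature logic: it checks constructed Sysmon-style events (process create, registry set, network connect) against the report's indicators, namely the sample hash, a vbc.exe launched by something other than build tooling, a Run key write, and a connection to the extracted SMTP host and port. The event records, the victim paths and the list of legitimate vbc.exe parents are assumptions for the demo.

```python
"""Check Sysmon-style events against the indicators in this report.

Added example: the events below are constructed for the demo and the
rules are the editor's, not the sandbox's own signature logic.
"""
from dataclasses import dataclass

# Indicators taken from the report: extracted SMTP exfiltration config and sample hash.
EXFIL_HOST = "smtp.casalsmd.com"
EXFIL_PORT = 587
SAMPLE_SHA256 = "cde560b79a71056438ff4bb8e8b754827716ec32daf1c53b4806557007364820"
SAMPLE_EXE = SAMPLE_SHA256 + ".exe"

# Parents that legitimately launch vbc.exe (build tooling). Assumption: tune for your estate.
LEGIT_VBC_PARENTS = {"msbuild.exe", "devenv.exe", "dotnet.exe"}


@dataclass
class Event:
    kind: str            # "process", "registry" or "network"
    image: str = ""      # full path of the acting process
    parent: str = ""     # parent image (process events only)
    sha256: str = ""     # file hash (process events only)
    key: str = ""        # registry path (registry events only)
    dest: str = ""       # destination host (network events only)
    port: int = 0


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def rule_known_sample(ev: Event):
    if ev.kind == "process" and ev.sha256.lower() == SAMPLE_SHA256:
        return "known sample executed"
    return None


def rule_vbc_injection_target(ev: Event):
    # vbc.exe started by something other than build tooling is the launch
    # pattern behind "Uses the VBS compiler for execution".
    if ev.kind == "process" and basename(ev.image) == "vbc.exe" \
            and basename(ev.parent) not in LEGIT_VBC_PARENTS:
        return f"vbc.exe spawned by {basename(ev.parent)}"
    return None


def rule_run_key(ev: Event):
    # Matches writes under ...\CurrentVersion\Run (not RunOnce), as in the report.
    if ev.kind == "registry" and "\\currentversion\\run\\" in ev.key.lower():
        return f"Run key persistence: {ev.key}"
    return None


def rule_exfil_smtp(ev: Event):
    if ev.kind == "network" and ev.dest.lower() == EXFIL_HOST and ev.port == EXFIL_PORT:
        return f"SMTP to extracted exfil host {ev.dest}:{ev.port}"
    return None


RULES = [rule_known_sample, rule_vbc_injection_target, rule_run_key, rule_exfil_smtp]


def triage(events):
    """Return (event index, finding) pairs for every rule that fires."""
    hits = []
    for i, ev in enumerate(events):
        for rule in RULES:
            msg = rule(ev)
            if msg:
                hits.append((i, msg))
    return hits


# Constructed events mirroring the report's signature list; not real telemetry.
VBC = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
SAMPLE_PATH = r"C:\Users\victim\Downloads\\" + SAMPLE_EXE
SAMPLE_EVENTS = [
    Event("process", image=SAMPLE_PATH, parent=r"C:\Windows\explorer.exe",
          sha256=SAMPLE_SHA256),
    Event("process", image=VBC, parent=SAMPLE_PATH),
    Event("registry", image=VBC,
          key=r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\" + SAMPLE_EXE),
    Event("network", image=VBC, dest="smtp.casalsmd.com", port=587),
    # Benign: a build server compiling with vbc.exe must not fire.
    Event("process", image=VBC, parent=r"C:\Program Files\MSBuild\MSBuild.exe"),
]

if __name__ == "__main__":
    for idx, finding in triage(SAMPLE_EVENTS):
        print(f"event {idx}: {finding}")
```

The vbc.exe rule keys on the parent rather than on vbc.exe itself because the binary is legitimate and common on developer and build hosts; in production, pair it with the SetThreadContext or CreateRemoteThread telemetry your EDR exposes to confirm the injection rather than relying on process lineage alone.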