General
Target: INQUIRY.exe
Size: 983KB
Sample: 201117-3eh9g9jy9x
MD5: f354ba5b2b1698b83201afe17fb068fa
SHA1: 72d40d81e7151a28178c74971a883991d6a33de0
SHA256: 04f6177bee237fe8f49353b9455c7367d6ab4d9e14a4139c9fccd7e4d349ce82
SHA512: 1e9898871da0f0ec35ef7b84258827a498fe885dbe8bbc135ca341d87281424c5ace42ae43436adc1d4fafe90658f234571f755518b89eba047c7a0e72cf6c9b
Static task: static1
Behavioral task: behavioral1
Sample: INQUIRY.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: mail.iigcest.com
Port: 587
Username: ansaf@iigcest.com
Password: Ans2016@
Targets
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext