General
Target: 54d657c9a3d9b7b41c8d6c3c351e8e00
Size: 960KB
Sample: 201117-b8csk8cn4j
MD5: 9a180b603d9232a773acfee12f5e448e
SHA1: ed5536d823ab96e7543269dceddad076af54b63d
SHA256: 7907686d20104808021d5d4130039fed4fc7946ebc48d6e554bfcf01e69edfae
SHA512: 643d5062367b1fcb00399a4827e7f42e3b5e02178d4eba8b7d68ea75cf3dd843fffa7da0f75b33d82aaf4cb7840a38368c44716e5c9727d12e0a8fb5dcdffeeb
Static task: static1
Behavioral task: behavioral1
Sample: 54d657c9a3d9b7b41c8d6c3c351e8e00.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: mail.ilkimegitim.com
Port: 587
Username: savas@ilkimegitim.com
Password: Savas581
This is the SMTP account the sample is configured to use for sending collected data (port 587 is the submission port, normally used with STARTTLS). Treat the host, the account and the password as indicators of compromise for network and mail-log hunting; do not attempt to authenticate to the mailbox.
Targets
Target: 54d657c9a3d9b7b41c8d6c3c351e8e00 (960KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Reads user/profile data of web browsers
  Infostealers commonly target stored browser data, which can include saved credentials, cookies and form data.
- Uses the VBS compiler for execution
  The sample launches vbc.exe, the Visual Basic .NET compiler shipped with the .NET Framework. This signed Microsoft binary does nothing useful for the sample on its own and is a common host process for an injected payload.
- Adds Run key to start application
  Writes a value under a CurrentVersion\Run key so the application is launched again at logon (persistence).
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP, typically to include it in the exfiltrated data.
- Suspicious use of SetThreadContext
  SetThreadContext redirects a thread's execution and is the API used in process hollowing, where a payload is written into a suspended child process before its main thread is resumed. Seen together with the vbc.exe launch, this is consistent with the payload being injected into that process.
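The following is an added example, not part of the sandbox report. It turns the report's extracted SMTP configuration and the behavioural signatures above (vbc.exe launch, Run-key write, external-IP lookup) into a small correlation routine run over Sysmon-style host events, so the same behaviour can be recognised on an endpoint. The event records, process IDs, paths and the Run value name "updater" are constructed for the example; the IP-lookup hostnames are assumptions, since the report does not say which service was queried. SetThreadContext is not visible in Sysmon telemetry and is therefore not covered here; detecting it needs API-level monitoring from an EDR or a sandbox.

```python
"""Correlate sandbox-report indicators against Sysmon-style host events.

Added example; the events below are constructed, not taken from the report.
"""
import re

# Indicators taken from the report's "Malware Config" section.
EXFIL_SMTP_HOST = "mail.ilkimegitim.com"
EXFIL_SMTP_PORT = 587

# Assumption: the report does not name the IP-lookup service that was used,
# so a few commonly abused ones are listed here purely for illustration.
IP_LOOKUP_HOSTS = {"api.ipify.org", "checkip.dyndns.org", "ipinfo.io", "icanhazip.com"}

RUN_KEY_RE = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.IGNORECASE)
VBC_RE = re.compile(r"\\vbc\.exe$", re.IGNORECASE)


def sample_process_tree(events, sample_image):
    """Return the set of PIDs belonging to the sample and every descendant.

    Children (e.g. a spawned vbc.exe) are included so that activity performed
    from an injected host process is still attributed to the sample.
    process_create events are assumed to arrive in chronological order.
    """
    tree = set()
    for e in events:
        if e["event"] != "process_create":
            continue
        if e["image"].lower().endswith(sample_image.lower()) or e["ppid"] in tree:
            tree.add(e["pid"])
    return tree


def correlate(events, sample_image):
    """Map an event stream to the report's behavioural signatures.

    Returns (sorted list of signature names that fired, PID set they were
    attributed to) so an analyst can pivot to the right processes.
    """
    tree = sample_process_tree(events, sample_image)
    hits = set()
    for e in events:
        if e["pid"] not in tree:
            continue  # activity of unrelated processes is ignored
        kind = e["event"]
        if kind == "process_create" and VBC_RE.search(e["image"]) and e["ppid"] in tree:
            hits.add("Uses the VBS compiler for execution")
        elif kind == "registry_set" and RUN_KEY_RE.search(e["target"]):
            hits.add("Adds Run key to start application")
        elif kind == "dns_query" and e["query"].lower() in IP_LOOKUP_HOSTS:
            hits.add("Looks up external IP address via web service")
        elif (kind == "network_connect"
              and e["dest_host"].lower() == EXFIL_SMTP_HOST
              and e["dest_port"] == EXFIL_SMTP_PORT):
            hits.add("SMTP exfiltration to configured host")
    return sorted(hits), tree


# Constructed events, loosely modelled on Sysmon event IDs 1, 3, 13 and 22.
# PIDs, paths, the SID and the Run value name "updater" are made up.
SAMPLE_EXE = "54d657c9a3d9b7b41c8d6c3c351e8e00.exe"
EVENTS = [
    {"event": "process_create", "pid": 4120, "ppid": 1688,
     "image": r"C:\Users\user\Desktop\54d657c9a3d9b7b41c8d6c3c351e8e00.exe"},
    {"event": "process_create", "pid": 4188, "ppid": 4120,
     "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"},
    {"event": "registry_set", "pid": 4120,
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"event": "dns_query", "pid": 4188, "query": "api.ipify.org"},
    {"event": "network_connect", "pid": 4188,
     "dest_host": "mail.ilkimegitim.com", "dest_port": 587},
    # Unrelated noise that must not be attributed to the sample.
    {"event": "process_create", "pid": 5000, "ppid": 1688,
     "image": r"C:\Windows\System32\notepad.exe"},
    {"event": "network_connect", "pid": 5000,
     "dest_host": "smtp.office365.com", "dest_port": 587},
]

if __name__ == "__main__":
    matched, pids = correlate(EVENTS, SAMPLE_EXE)
    for name in matched:
        print(name)
    print("attributed to PIDs:", sorted(pids))
```

The process-tree step is the part that matters in practice: the network and DNS activity here comes from the vbc.exe child, not from the sample's own PID, so matching on the sample image alone would miss the exfiltration connection. A legitimate mail client talking to a different SMTP server on port 587 (the notepad.exe noise stands in for it) is left alone because it is neither in the tree nor bound for the configured host.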