General
-
Target
0a6d73a1bcc11e982242053e69819765
-
Size
1.5MB
-
Sample
201117-cj1lz84k6a
-
MD5
0b272ce4504fea9ef39ffa6d17e6d89f
-
SHA1
851fc630e6435135822079d8c8ed2924792b96b1
-
SHA256
eea5bbf97d1865846716e179ccd5cd9c3f31b2244cf537ff7cba9f1903717ed1
-
SHA512
cbb78ec8631476321daf791f7e532604a831e598159acbecdaf574aac04deb98f0170036297ffeafad9efaa9a11020060b7bcb670e4450764814649edd444395
Static task
static1
Behavioral task
behavioral1
Sample
0a6d73a1bcc11e982242053e69819765.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
0a6d73a1bcc11e982242053e69819765
-
Size
1.5MB
-
MD5
0b272ce4504fea9ef39ffa6d17e6d89f
-
SHA1
851fc630e6435135822079d8c8ed2924792b96b1
-
SHA256
eea5bbf97d1865846716e179ccd5cd9c3f31b2244cf537ff7cba9f1903717ed1
-
SHA512
cbb78ec8631476321daf791f7e532604a831e598159acbecdaf574aac04deb98f0170036297ffeafad9efaa9a11020060b7bcb670e4450764814649edd444395
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-