General
Target: 16dcbff85a4dec40a185e8b99aba36a4
Size: 2.1MB
Sample: 201117-rvnv59pjp2
MD5: 851c27479874066a31f0cb90934388cd
SHA1: 87900e18d44ff9c6195154a459e75d29e3f12aad
SHA256: 10239fd8380cf3ef7a0d7345af72e6921d92338fc383a5335f333dbff5aba4ad
SHA512: 112dab593810403dd65395a9dffc2ff5216bf4fb08cc7c74b3bfd4d6f1f00ca231950475db960e25b2eeaba7cd7b7a3905c6505b8c69293d0b463fc4f700b035
Static task: static1
Behavioral task: behavioral1
Sample: 16dcbff85a4dec40a185e8b99aba36a4.exe
Resource: win7v20201028
Malware Config
Targets
Target: 16dcbff85a4dec40a185e8b99aba36a4
Size: 2.1MB
MD5: 851c27479874066a31f0cb90934388cd
SHA1: 87900e18d44ff9c6195154a459e75d29e3f12aad
SHA256: 10239fd8380cf3ef7a0d7345af72e6921d92338fc383a5335f333dbff5aba4ad
SHA512: 112dab593810403dd65395a9dffc2ff5216bf4fb08cc7c74b3bfd4d6f1f00ca231950475db960e25b2eeaba7cd7b7a3905c6505b8c69293d0b463fc4f700b035
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Uses the VBS compiler for execution
- Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext