General
Target: 623e29da3cbccc57d44ece7495fe9f34
Size: 1MB
Sample: 201117-zz4k5acfbe
MD5: 171f9d8bd82b36169284374c9c70e54d
SHA1: 546857bae93bb2734f9ec859661d118e03a408bc
SHA256: c70ca05804ee008cee5701160eb0753d913164ef4bb85aac6ba5cd08c88ba41d
SHA512: 12d18abfaa4eaa65b0313252c6c97d20b1886e553d8a03d1d00c067d6872abaef73f5710c4ce62043c03f80f4c57a01427e18901a9e47257ead30816f349a14c
Static task: static1
Behavioral task: behavioral1
Sample: 623e29da3cbccc57d44ece7495fe9f34.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: smtp.casalsmd.com
Port: 587
Username: carolina@casalsmd.com
Password: Carolina123
Targets
Target: 623e29da3cbccc57d44ece7495fe9f34
Size: 1MB
Signatures
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext