General
-
Target
Prueba de pago.exe
-
Size
1.1MB
-
Sample
201118-qxkd8j3gqa
-
MD5
b3a244a097904a4d6689a582d7ec9985
-
SHA1
b16032d83c91ee333221fafadd5f2381ca659d78
-
SHA256
286b416351f4ca6cc215c58692af9be6b9f4eb54c4641160e2a31dfd16c43ec7
-
SHA512
533cbddf7d78740e2586d58588c5d0ad4407417c835c0407d93d86b3202626f160d664b69aefb3d32f94416d7558d6ba9377a28f44be3ff21ace2fd4e51f0748
Static task
static1
Behavioral task
behavioral1
Sample
Prueba de pago.exe
Resource
win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: smtp.jif-asesores.com
Port: 587
Username: administracion@jif-asesores.com
Password: Aa122334455
Targets
-
Target
Prueba de pago.exe
-
Size
1.1MB
-
MD5
b3a244a097904a4d6689a582d7ec9985
-
SHA1
b16032d83c91ee333221fafadd5f2381ca659d78
-
SHA256
286b416351f4ca6cc215c58692af9be6b9f4eb54c4641160e2a31dfd16c43ec7
-
SHA512
533cbddf7d78740e2586d58588c5d0ad4407417c835c0407d93d86b3202626f160d664b69aefb3d32f94416d7558d6ba9377a28f44be3ff21ace2fd4e51f0748
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
-
Uses the VBS compiler for execution
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext