General
Target: 10941585e933119c70b14961e91acc82.exe
Size: 31KB
Sample: 201119-r4qk76rqbx
MD5: 10941585e933119c70b14961e91acc82
SHA1: e629db65702a4d84c9313c2918f5851bdb14b49e
SHA256: 38637b0bf898df12f7549c595eb255b38995e8da8058bff700428d90e98052c1
SHA512: 8f620be8bdee03372af507e57e5a2d8f98b3b5ee6f50d37b43c94ecd93255d7dd052b2d51ee83c27e03353154f005636870dee6961f8d0b3d49b600ffe7d2450
Static task
static1
Behavioral task
behavioral1
Sample
10941585e933119c70b14961e91acc82.exe
Resource
win7v20201028
Malware Config
Targets
-
Target
10941585e933119c70b14961e91acc82.exe
-
Phorphiex Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-