General
Target: PURCHASE ORDER.exe
Size: 951KB
Sample: 201120-xsmn4pp4me
MD5: 8e2337f7cdd4bcd18e862b7a73734d49
SHA1: 457de2e691794711d257ab9c6315d6f26465ce1a
SHA256: d30629a1a9aad3b8bc1e3827ab767473089214fd801b556f9ed3430f39bacbdd
SHA512: 7cf93e3fb60f69895a23fd8537e36394779a7a8307091691006e56ec3465d57ecfcb854327acfcf0b184e126a1bf8e6994234155e5ce020caa4bd66fe01c597b
Static task: static1
Behavioral task: behavioral1
Sample: PURCHASE ORDER.exe
Resource: win7v20201028
Malware Config
Extracted
Protocol: smtp
Host: mail.iigcest.com
Port: 587
Username: ansaf@iigcest.com
Password: Ans2016@
Targets
Target: PURCHASE ORDER.exe
Size: 951KB
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Uses the VBS compiler for execution
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext