General
Target: 0000000000009000.exe
Size: 164KB
Sample: 210112-1rhs3ghx8a
MD5: e94c75f89c21caad5e32e29ef565a4ff
SHA1: 4c95d00080d93d9df0360959db3c9f38a7e80a97
SHA256: a9b710f85ef86429b380e2a96153ea27a21ea201ce8bd81e316420f0c3a435c3
SHA512: 3936e7c8692fe4821bd8fa32c8a98d468c855b2a8220d346e1b8d5b356c5540db2566d4949fae0e095b4febe71e52279cc671945ab29bb8ac490a342f793ef17
Static task: static1
Behavioral task: behavioral1
Sample: 0000000000009000.exe
Resource: win7v20201028
Malware Config
Extracted
remcos
45.137.22.52:8780
Targets
Target: 0000000000009000.exe
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.

Suspicious use of SetThreadContext