General
-
Target
QRP-57843552.exe
-
Size
1.0MB
-
Sample
210113-16glkgrz9a
-
MD5
7da0fbd98ffd79125bc0373fe2e0c508
-
SHA1
97fbd05a865e216f1fba898602a15d9bb02b7e13
-
SHA256
c7ccb3ceba2173fcd6839e02a2e11abd7d32bd39b932ed74dcf389535be818f6
-
SHA512
85c32e69d9325933a17619ec30d538d8169401ec484c961c2280ef219caa0813889f538f680cfd2cdfd3d19f50c27d20333ec2e2b9cdd957e93e0e277fb18772
Malware Config
Targets
-
-
Target
QRP-57843552.exe
-
Size
1.0MB
-
MD5
7da0fbd98ffd79125bc0373fe2e0c508
-
SHA1
97fbd05a865e216f1fba898602a15d9bb02b7e13
-
SHA256
c7ccb3ceba2173fcd6839e02a2e11abd7d32bd39b932ed74dcf389535be818f6
-
SHA512
85c32e69d9325933a17619ec30d538d8169401ec484c961c2280ef219caa0813889f538f680cfd2cdfd3d19f50c27d20333ec2e2b9cdd957e93e0e277fb18772
Score7/10-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-