General
Target: MRZhwo07xs.js
Size: 56KB
Sample: 210113-shrsvq7a6x
MD5: e09a8411720fada28aa0a4ec1e78d7c8
SHA1: f0e5b9f692e2e40d1b0caf0b2126e8f1136cf56f
SHA256: edcb57b4cacec853469ec74863fed43262f50a5cd2b64f15e50326a6a032540d
SHA512: 4bbad28c8b36f6a8b3ef308da3b2268e69716d6020ec4e3836b7e6a03a74db47762965b94c14093347a72ec5b47328baf8dcb52cb82f6ecdafaea050a29c8b49
Static task: static1
Behavioral task: behavioral1
Sample: MRZhwo07xs.js
Resource: win7v20201028
Malware Config
Extracted
trickbot
100010
rob35
-
autorunName:pwgrab
Targets
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-