General
-
Target
Wjhus order 13.1.2021.exe
-
Size
374KB
-
Sample
210113-xkh9tx4y82
-
MD5
20663ecc753600bebd55fbc4c3fff85e
-
SHA1
6f14c5bd02dca7c1a58965ccb26a10ef8aa95aea
-
SHA256
01c59004eb5e4390f96dc41ca001c9bd036068645fb55a922cded1ee1ecf014c
-
SHA512
d3e2e219fac00dcb53d3f2ef1e789110681183ce22e32191c11c404f816ee4d2b342a5090288907e21d17dc779e9a9baede05aeb20390cacbc047be486f681af
Static task
static1
Behavioral task
behavioral1
Sample
Wjhus order 13.1.2021.exe
Resource
win7v20201028
Behavioral task
behavioral2
Sample
Wjhus order 13.1.2021.exe
Resource
win10v20201028
Malware Config
Targets
Target
Wjhus order 13.1.2021.exe
Score
10/10
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext