General
Target: Order1.5%.exe
Size: 620KB
Sample: 210114-trdnzdxv3a
MD5: bbf5a0e3f2e9c7619bcdd81a23219627
SHA1: 80716a9ff7481f0d2ce78ae6dd65e00434315878
SHA256: f05b74930aa9777625a66d2852fb0b690461ef0b5598d35b2d7959721456600d
SHA512: c9b75b115f4f59083c09555d4a6bfa9becae022f8f99058bb9b5c792c46b1ffba82aa73313bf87af59b3c07165a01ec6aff900b309fed3a8a70ebc820741f6c5

Static task: static1

Behavioral task: behavioral1
Sample: Order1.5%.exe
Resource: win7v20201028

Malware Config
Extracted family: remcos
C2 (host:port): igatyou.mywire.org:2021
The C2 entry is the host and port the embedded configuration points the RAT at. The hostname is the durable indicator to block or alert on; the address it resolves to at analysis time can change.
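An added example, not part of the sandbox report: a small Python IOC check that takes the four file hashes and the extracted Remcos C2 from this page and applies them to a file's bytes and to a handful of log lines. The log lines, the function names and the `parse_c2` format handling (host:port) are assumptions for illustration.

```python
import hashlib
import sys

# Indicators copied from the report: file hashes and the extracted Remcos C2.
REPORT_HASHES = {
    "md5": "bbf5a0e3f2e9c7619bcdd81a23219627",
    "sha1": "80716a9ff7481f0d2ce78ae6dd65e00434315878",
    "sha256": "f05b74930aa9777625a66d2852fb0b690461ef0b5598d35b2d7959721456600d",
    "sha512": "c9b75b115f4f59083c09555d4a6bfa9becae022f8f99058bb9b5c792c46b1ffba"
              "82aa73313bf87af59b3c07165a01ec6aff900b309fed3a8a70ebc820741f6c5",
}
REMCOS_C2 = "igatyou.mywire.org:2021"

# Constructed log lines (not from the report) in a generic "timestamp host event" shape.
SAMPLE_LOG_LINES = [
    "2021-01-14 09:12:03 WIN7-LAB query A igatyou.mywire.org",
    "2021-01-14 09:12:03 WIN7-LAB query A www.msftncsi.com",
    "2021-01-14 09:12:04 WIN7-LAB connect tcp IGATYOU.MYWIRE.ORG:2021",
]


def parse_c2(entry: str) -> tuple[str, int]:
    """Split an extracted C2 entry of the form 'host:port' into (host, port).

    rpartition keeps the split correct even if the host part itself
    contained a colon; the port must be purely numeric.
    """
    host, _, port = entry.rpartition(":")
    if not host or not port.isdigit():
        raise ValueError(f"malformed C2 entry: {entry!r}")
    return host.lower(), int(port)


def digest_all(data: bytes) -> dict[str, str]:
    """Hash the given bytes with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def match_hashes(data: bytes) -> list[str]:
    """Return the algorithm names whose digest of `data` equals the report's value."""
    actual = digest_all(data)
    return [name for name, want in REPORT_HASHES.items() if actual[name] == want]


def find_c2_contacts(lines: list[str], c2: str = REMCOS_C2) -> list[str]:
    """Return the log lines that mention the C2 hostname, with or without the port.

    Matching is case-insensitive on the hostname only, so a line still matches
    after the host starts resolving to a different address.
    """
    host, _port = parse_c2(c2)
    return [line for line in lines if host in line.lower()]


def check_file(path: str) -> list[str]:
    """Hash a file on disk and report which of the listed hashes it matches."""
    with open(path, "rb") as fh:
        return match_hashes(fh.read())


if __name__ == "__main__":
    # Usage: python ioc_check.py [file ...]; with no arguments only the log demo runs.
    for path in sys.argv[1:]:
        hits = check_file(path)
        print(f"{path}: {'MATCH ' + ','.join(hits) if hits else 'no hash match'}")
    for line in find_c2_contacts(SAMPLE_LOG_LINES):
        print("C2 contact:", line)
```

Hash matching identifies only this exact build; a repacked sample with a different hash still uses the same C2 host, which is why the hostname check is the more durable of the two.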

Targets
Target: Order1.5%.exe
Signatures:
- NirSoft MailPassView: password recovery tool for various email clients
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft: NirSoft password recovery tooling detected. Remcos bundles these tools for its credential recovery function, so this is consistent with the extracted family rather than evidence of a second payload.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials.
- Suspicious use of SetThreadContext: rewriting another thread's context is the usual way injected code in a suspended process is given control (process hollowing), so this is worth correlating with any process the sample created in a suspended state.