General
-
Target
Lists.exe
-
Size
799KB
-
Sample
210118-qjpbmwpaks
-
MD5
c715a5419ed1ece6e2051e35d3674cc3
-
SHA1
98e8a74c315b42b88e73129108d5ad338c888124
-
SHA256
c363769d3d6ae833d71203a5a678ad04349404eae3788865fcdb706c3c7543b0
-
SHA512
1cbec375fff5500f8247c4be30b6aa15de47ab73b7d914036c76b05ca9db6eb89aad21f1d45fe955c068a8df94393d34a1b88c2fc159340b72759c0dfa93983d
Static task
static1
Behavioral task
behavioral1
Sample
Lists.exe
Resource
win7v20201028
Malware Config
Extracted
remcos
185.140.53.136:1818
Targets
-
-
Target
Lists.exe
-
Size
799KB
-
MD5
c715a5419ed1ece6e2051e35d3674cc3
-
SHA1
98e8a74c315b42b88e73129108d5ad338c888124
-
SHA256
c363769d3d6ae833d71203a5a678ad04349404eae3788865fcdb706c3c7543b0
-
SHA512
1cbec375fff5500f8247c4be30b6aa15de47ab73b7d914036c76b05ca9db6eb89aad21f1d45fe955c068a8df94393d34a1b88c2fc159340b72759c0dfa93983d
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-