General
Target: PO.exe
Size: 167KB
Sample: 210119-97hfas8h7n
MD5: b83b2773148e40f003ffd62920a88ab1
SHA1: c738d07984d406be0aa87d36eae86e7fa81f68b7
SHA256: e3fceaabe401036d5b259a767747f86c6563db8d122c87e70506ce84ad622638
SHA512: eb2b4286611d6515b72cafdef2c7f73626f86b73060d424862df6e9a5ff5fe29159ea6bb39e501a943e500d8404aecedaf5be07fe40aa49e5952e931895efa2e
Static task: static1
Behavioral task: behavioral1 (Sample: PO.exe, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: PO.exe, Resource: win10v20201028)
Malware Config
Extracted (remcos): eileenwmsscm.duckdns.org:2558
Targets
Target: PO.exe
Score: 10/10
Signatures:
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Suspicious use of SetThreadContext