General
Target: PO - 2021-000511.exe
Size: 330KB
Sample: 210119-dgdw3rkp9j
MD5: 66942e778b34428234e0a47a0e9c444e
SHA1: 2bf1b967c0b9ff0c2478441a9294405afb29ec6e
SHA256: 9d3eddc1a411d1749efa3f08827529ab80356d515cb5321ed5ea7cca0dedca74
SHA512: 1bbf9595b15c0a1c0f8635c8a15161d39c5a73bf45a73f2f0fedfa80b33ed60c0bf1db738348a91b7f4ac2ac13e95bbd63d2ee65feaa01627656ba12e2e30989
Static task: static1
Behavioral task: behavioral1
  Sample: PO - 2021-000511.exe
  Resource: win7v20201028
Behavioral task: behavioral2
  Sample: PO - 2021-000511.exe
  Resource: win10v20201028
Malware Config
Extracted: remcos
  nkosarevaocs.duckdns.org:7266
Targets
Target: PO - 2021-000511.exe
Size: 330KB
MD5: 66942e778b34428234e0a47a0e9c444e
SHA1: 2bf1b967c0b9ff0c2478441a9294405afb29ec6e
SHA256: 9d3eddc1a411d1749efa3f08827529ab80356d515cb5321ed5ea7cca0dedca74
SHA512: 1bbf9595b15c0a1c0f8635c8a15161d39c5a73bf45a73f2f0fedfa80b33ed60c0bf1db738348a91b7f4ac2ac13e95bbd63d2ee65feaa01627656ba12e2e30989
Score: 10/10
- NirSoft WebBrowserPassView: password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Suspicious use of SetThreadContext