General
Target: sB2ppXd9nd1DsMC.exe
Size: 831KB
Sample: 210119-knek6276f2
MD5: 6471f431e11c4285b7ba8ac3c3e71ad9
SHA1: 46f5265999242b24f5ff5cae831709b616a2c381
SHA256: b76e862dccd0da9b40dccf294bef402dc7a34185449bf55b022eb79dc8ce6e23
SHA512: 095f5ed132db126a2f4571d3209fb697a609f75887d2a37a8630d5397f7422288d1903b2f21b62138be8644fe1fe9ca1c0537076a541fa9cecb1cb57779dd5f4
Static task: static1
Behavioral task: behavioral1
Sample: sB2ppXd9nd1DsMC.exe
Resource: win7v20201028
Malware Config
Extracted: remcos
185.244.26.241:1989
Targets
Target: sB2ppXd9nd1DsMC.exe
NirSoft WebBrowserPassView: password recovery tool for various web browsers (Nirsoft)
Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and similar secrets.
Suspicious use of SetThreadContext