General
- Target: SecuriteInfo.com.BScope.Trojan-Dropper.Injector.486
- Size: 330KB
- Sample: 210119-p15p5as4ve
- MD5: 4375421ae3eeb86eefcc570b9ad4c782
- SHA1: fec7e376072cf881a572707d305bfaa41a09da85
- SHA256: 138fa2cd5e89767fd71e4e32719550f54910e3ecc3f81fea5341321cc1b5d429
- SHA512: 4516a7a734f76079e4d90ca3a411bc0665ed8f89041a9e644c2609b86b42b66172c0c7a5494a36eef00990741c2cb1df9160821e3fe7f52ce6d88949943e84dc
Static task
- static1

Behavioral task
- behavioral1: Sample SecuriteInfo.com.BScope.Trojan-Dropper.Injector.486.exe, Resource win7v20201028

Behavioral task
- behavioral2: Sample SecuriteInfo.com.BScope.Trojan-Dropper.Injector.486.exe, Resource win10v20201028
Malware Config
- Extracted: remcos
- eileenwmsscm.duckdns.org:2558
Targets
- Target: SecuriteInfo.com.BScope.Trojan-Dropper.Injector.486
- Size: 330KB
- Score: 10/10

Signatures
- NirSoft MailPassView: Password recovery tool for various email clients
- NirSoft WebBrowserPassView: Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials.
- Adds Run key to start application
- Suspicious use of SetThreadContext