General
- Target: invoice against the VAT Payment.exe
- Size: 2.8MB
- Sample: 210301-9b35aqerde
- MD5: f2483ffa1d7e980ef6a9e208a2297464
- SHA1: 18e409e5f3e363e4032c17cbff75ec21d6b3d492
- SHA256: 33e1b67ad4d3fa79b5962739474792e251306c7474e9a9e3afa0fc6d5e93b4b4
- SHA512: 0702b1c67163e8ac359d65817796ff7f9622db23e79083662e5bc6e67eafd4c2dd2073e7bcb7599677a9ecc1d8295c095c0d18c4f2e99732fe2991f5eea1c136
Static task: static1
Behavioral task: behavioral1
- Sample: invoice against the VAT Payment.exe
- Resource: win7v20201028
Malware Config
Targets
- Target: invoice against the VAT Payment.exe (2.8MB; hashes as listed under General)
- ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients: Tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: Email clients store some user data on disk where infostealers will often target it.
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext