General
-
Target
DHL Tracking info_AWB NO.cab
-
Size
210KB
-
Sample
210301-l17nklpyaj
-
MD5
77c3a27813fd93ebb201d65ea4dffa69
-
SHA1
dfc44dec88197f16ee89deee1532b0496d15f05d
-
SHA256
80616b96b75786c8f2d11eb715795f82554d29e8c56eede8526d2107dabb8ad6
-
SHA512
15a175ee61a115ee32bb52d0388b460b4a795615b7d502a7bf0c23d36fc4b78e19b61e5d8b5e3e8c00884349f7d6a6565f06756f8bd0a4e352c43e37b9bd1132
Static task
static1
Behavioral task
behavioral1
Sample
PO# PO2021020371N.exe
Resource
win7v20201028
Malware Config
Targets
-
-
Target
PO# PO2021020371N.exe
-
Size
291KB
-
MD5
ce29efcf5510c0a9dcb38f62d50a5e8b
-
SHA1
eb9a28d284303663ab5bbbab9e8cc7db88cf7a2f
-
SHA256
9bec30afd640d68be28fef4e6b5abcc14d90b2c7293d7709619b8f9b9e685b7e
-
SHA512
dee3945c894c586f1a4d42581796e1ce257cc5ec8a98368de391d664328ac7318163aff9edcd5eac9b9ab4c3b3407c2448add2d07b3863a74f513bf0541a77aa
Score10/10-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-