General
Target: payload-de.js
Size: 2.8MB
Sample: 210302-ql9m1sch22
MD5: 6f1069a90a63748bdb3098301993b38b
SHA1: 547d848aa7044051ac69c4004069d03b38a25c15
SHA256: 4282eb3d9f7aad6faf333be7700b1926dfac7b1827515706db6a29b40a6cdb45
SHA512: ccf12209455b03ed526c7d05f49463f7532daaec294e861724173de05433d031e9a12f4ca82f05e10ddc50322fa8db76fd5853591f6a80c03ec2a27595185434
Static task: static1
Behavioral task: behavioral1
Sample: payload-de.js
Resource: win7v20201028
Malware Config
Targets
Target: payload-de.js
Size: 2.8MB
MD5: 6f1069a90a63748bdb3098301993b38b
SHA1: 547d848aa7044051ac69c4004069d03b38a25c15
SHA256: 4282eb3d9f7aad6faf333be7700b1926dfac7b1827515706db6a29b40a6cdb45
SHA512: ccf12209455b03ed526c7d05f49463f7532daaec294e861724173de05433d031e9a12f4ca82f05e10ddc50322fa8db76fd5853591f6a80c03ec2a27595185434
Signatures
Executes dropped EXE
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials.
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP address.
Uses Tor communications
Malware can proxy its traffic through Tor for additional anonymity.
Suspicious use of SetThreadContext