General
-
Target
DOC080221-08022021160011.exe
-
Size
895KB
-
Sample
210504-e9bwtzq79x
-
MD5
6fbb325e733601c4047943ab88e73044
-
SHA1
53fc02f829b6e2136b787d3a16d5ec69d58da7bf
-
SHA256
e915c55dbb5ec35506d25685a0c1a841b257af3bb30745ec5be6019f9d6e5bb3
-
SHA512
c1b06f871001004e9a91b27674f31a2b54d20830e3d29a31f644836d88347eb84d09ea2373ef62df1b04d72feb5501f15ce0521cefbad5021fdc6310ecfc905f
Malware Config
Targets
-
-
Target
DOC080221-08022021160011.exe
-
Size
895KB
-
MD5
6fbb325e733601c4047943ab88e73044
-
SHA1
53fc02f829b6e2136b787d3a16d5ec69d58da7bf
-
SHA256
e915c55dbb5ec35506d25685a0c1a841b257af3bb30745ec5be6019f9d6e5bb3
-
SHA512
c1b06f871001004e9a91b27674f31a2b54d20830e3d29a31f644836d88347eb84d09ea2373ef62df1b04d72feb5501f15ce0521cefbad5021fdc6310ecfc905f
Score7/10-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Suspicious use of SetThreadContext
-