General
Target: Covid-19 vaccines samples.arj
Size: 25KB
Sample: 200402-mbkpsphpan
MD5: 03db3c58e9ff87b03894a49263546b9c
SHA1: ec7946929e717862a5dfeee3faed6c59b41711f9
SHA256: 83ba9d7bcfba422fd9f4e801d8f61901c56473d287d952a41530f6a49c59c905
SHA512: 67ee3595de4cd28f4c7adf0ca5159f1ffeec7a776759d78394da98a2ecb2d43183f07e9c8457d3888290346fd12b3581892081d488317cb1ef48636a5b9ffeac
Static task: static1
Behavioral task: behavioral1
Sample: Covid-19 vaccines samples.exe
Resource: win7v200217
Malware Config
Targets
Target: Covid-19 vaccines samples.exe
Size: 108KB
MD5: 46ed637f1480905b94113f87211cbd38
SHA1: 6ac546722e341654d3ddabbeab0e20de77296fe0
SHA256: 52bca6a14b850bcd73ab0dd52a8f5be9e00ccb9ca7743a42bb44f236dc4d5a45
SHA512: 70a4170b251c5eba6fb3f549f9f476fe1f01aadae2bdff211f208664ca8fa72697d1f87fd880e8c3dc8c13214ee2e71c4cf0c30f03962277e0051cbc442d929e
Signatures
- Adds Run entry to policy start application
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext