General
Target: Proforma Invoice 20200619.exe
Size: 619KB
Sample: 200624-dkefzwzzd6
MD5: 0c55c4e607abb7f6c593d6d8dc140a0a
SHA1: 6e50f8fcf9ec02aeee70b4ce14bd44a45b29bd32
SHA256: d22cd7fc720b7fc65ab0ec5a50e8dbde8c58c499ec5c289c0e1614f24d6255f8
SHA512: 713facdb87ef95d5a569ebd69067101c25a0dd3ef65af778fcefb8dffb070580badd084a4cc86bc0130e35c23f17b5a71d3fcecb3ba9a88383d14d557a6b7371
Static task: static1
Behavioral task: behavioral1 (Sample: Proforma Invoice 20200619.exe; Resource: win7)
Behavioral task: behavioral2 (Sample: Proforma Invoice 20200619.exe; Resource: win10)
Malware Config
Targets
Target: Proforma Invoice 20200619.exe (619KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
Score: 8/10
- Disables Task Manager via registry modification
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Adds Run entry to start application
- Suspicious use of SetThreadContext