General
- Target: WHITE SPIRIT MSDS_pdf.exe
- Size: 1.2MB
- Sample: 200624-gpykqs6kmx
- MD5: da0c1d3e4b6526d4c99022e8894ceee9
- SHA1: 355db74ab7cf7797863b94a3e700d30548db76bb
- SHA256: 8d1512de63fd1bf66f80c8ec2ec640464a6ce986101849488372a38fed2bcfb6
- SHA512: e31bedf4ed0b209859a3024a0c93d24301e25b59d37a11f40d8c356068f717f867c7244a4c19733c14775707aa8ef86665cbf3374093808bc7c162ccf503fb58
Static task: static1
Behavioral task: behavioral1
- Sample: WHITE SPIRIT MSDS_pdf.exe
- Resource: win7v200430
Behavioral task: behavioral2
- Sample: WHITE SPIRIT MSDS_pdf.exe
- Resource: win10
Malware Config
Targets
- Target: WHITE SPIRIT MSDS_pdf.exe
- Adds Run entry to policy start application
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run entry to start application
- Suspicious use of SetThreadContext