General
-
Target
Purchase Order_23011008_PDF ________________________ iGSTEEEE1124EEEEEEXEEEE.EXE
-
Size
1.8MB
-
Sample
200624-gvj2cln59x
-
MD5
cc5e307e68ccb5b363a1d8125e0edfb1
-
SHA1
0937747b83e0624bec024daadeaf5c7effdbcb36
-
SHA256
82ffa88d2b058317fcbc1af1c6fe06d7927be41ee28c7473a397f3db42670ca5
-
SHA512
ac464272963a2208cf7061e22c75d2ae5b9c76ade74cd1c21aeb28690d2d2ccee45c2cfafe09ad588a56a802f438dfc9a56e60792f87e483db727b8286968815
Static task
static1
Behavioral task
behavioral1
Sample
Purchase Order_23011008_PDF ________________________ iGSTEEEE1124EEEEEEXEEEE.EXE
Resource
win7v200430
Malware Config
Targets
-
-
Target
Purchase Order_23011008_PDF ________________________ iGSTEEEE1124EEEEEEXEEEE.EXE
-
Size
1.8MB
-
MD5
cc5e307e68ccb5b363a1d8125e0edfb1
-
SHA1
0937747b83e0624bec024daadeaf5c7effdbcb36
-
SHA256
82ffa88d2b058317fcbc1af1c6fe06d7927be41ee28c7473a397f3db42670ca5
-
SHA512
ac464272963a2208cf7061e22c75d2ae5b9c76ade74cd1c21aeb28690d2d2ccee45c2cfafe09ad588a56a802f438dfc9a56e60792f87e483db727b8286968815
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Adds Run entry to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-