General
Target: Purchase Order_23011008_PDF ________________________ iGSTEEEE1124EEEEEEXEEEE.EXE
Size: 1.8MB
Sample: 200624-wsxnarpr56
MD5: 1e80be82f8e930a7160c225ea1fb529e
SHA1: 7c50b9f3550d1d4c6abdb668cec1d7461a4c13d6
SHA256: 68101d145825fc980210f1f56638011d98eeaf5c53fb734b62a80dac6489f2e3
SHA512: 964181a2b3d3db5522a99dfa4c77c87d7c921981e55ecd2cd9fa8f10dd170082637cb6d130a7fee8182a3e6b967e98d34d072d7955233a17b281cd598080bf93
Static task: static1
Behavioral task: behavioral1
Sample: Purchase Order_23011008_PDF ________________________ iGSTEEEE1124EEEEEEXEEEE.EXE
Resource: win7v200430
Malware Config
Targets
Target: Purchase Order_23011008_PDF ________________________ iGSTEEEE1124EEEEEEXEEEE.EXE
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and similar sensitive material.
- Uses the VBS compiler for execution
- Adds Run entry to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext