General
-
Target
Shipment Document BL,INV and Packing list Attached.exe
-
Size
305KB
-
Sample
200630-12t4dwm3ta
-
MD5
15841911ca4112d3e662c04db3517145
-
SHA1
be584653e032bd30328b6dbc5e7a502bde7f8342
-
SHA256
bcf951a2c7bc31a37486577ae1fc83f97bc1daf987d5a35e9302eb31f5a5ebf0
-
SHA512
b0140fd10e30fa8b4929cad363396d7cacc90fce41b42e42d5574d11cf68e40032555ed06c6257f23b1e8190f404605eafa37b2504567ec8e3ed453672687e7e
Static task
static1
Behavioral task
behavioral1
Sample
Shipment Document BL,INV and Packing list Attached.exe
Resource
win7
Behavioral task
behavioral2
Sample
Shipment Document BL,INV and Packing list Attached.exe
Resource
win10v200430
Malware Config
Targets
-
-
Target
Shipment Document BL,INV and Packing list Attached.exe
-
Size
305KB
-
MD5
15841911ca4112d3e662c04db3517145
-
SHA1
be584653e032bd30328b6dbc5e7a502bde7f8342
-
SHA256
bcf951a2c7bc31a37486577ae1fc83f97bc1daf987d5a35e9302eb31f5a5ebf0
-
SHA512
b0140fd10e30fa8b4929cad363396d7cacc90fce41b42e42d5574d11cf68e40032555ed06c6257f23b1e8190f404605eafa37b2504567ec8e3ed453672687e7e
-
Adds Run entry to policy start application
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run entry to start application
-
Suspicious use of SetThreadContext
-