General
Target: Receipt.exe
Size: 5.1MB
Sample: 200630-7m58wny1kx
MD5: 4d37240c2a9aab1b8dfd0aee7d418adc
SHA1: fb684fe749432d7fb74e95a26f6614362c9b26b2
SHA256: 9013e308218b70c038971d37c9ab446b81108079344e71f25e1d131487657c97
SHA512: 5e84c6ff15e51d044c68b01b371b94a00d9d3806ff3bb9cad2aa4446f0f14c79cd95228f13601b88b980152eb4c85f9c0a65eed09034489062d68e93afd7d5ea
Static task: static1
Behavioral task: behavioral1
  Sample: Receipt.exe
  Resource: win7
Behavioral task: behavioral2
  Sample: Receipt.exe
  Resource: win10v200430
Malware Config
Targets
Target: Receipt.exe
Size: 5.1MB
MD5: 4d37240c2a9aab1b8dfd0aee7d418adc
SHA1: fb684fe749432d7fb74e95a26f6614362c9b26b2
SHA256: 9013e308218b70c038971d37c9ab446b81108079344e71f25e1d131487657c97
SHA512: 5e84c6ff15e51d044c68b01b371b94a00d9d3806ff3bb9cad2aa4446f0f14c79cd95228f13601b88b980152eb4c85f9c0a65eed09034489062d68e93afd7d5ea
Score: 8/10
Signatures:
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk, where infostealers will often target it.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run entry to start application
- Suspicious use of SetThreadContext