General
Target: PO 30091.exe
Size: 684KB
Sample: 200630-avlpm1gmzn
MD5: 9ac778fb946e20543b571464843fd232
SHA1: 1ab3d9251802a6f3c8475cdbf9f7276689b61dd7
SHA256: 1ebe8c4369b01611d9c49ed8aadbbd36de80d306532927b21b426dd0e648f3f3
SHA512: fb67073a5576592a5775ce1c37d99b378202b33f82ce4efa94a68305e601c1687c179f599551c752399d7e37368280836bf6ef25a2cd729f00c2dbbecf367475

Static task: static1
Behavioral task: behavioral1 (Sample: PO 30091.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: PO 30091.exe, Resource: win10v200430)

Malware Config
Targets
Target: PO 30091.exe
Size: 684KB
- Adds Run entry to policy start application
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and other sensitive data.
- Adds Run entry to start application
- Suspicious use of SetThreadContext