General
-
Target
NOW PO n08765456789093.exe
-
Size
305KB
-
Sample
200630-dn8ypt74te
-
MD5
48403eec26a42d2e2d053de67df6e493
-
SHA1
d0c2635d509aa173129179e8346dec0e16db1863
-
SHA256
4ef912ba8f9cfbe827295f923edc2e3b11e0bb061070f1b75b3d5e1e59d1e8eb
-
SHA512
865d9b0002cfff9d771a22710a1dc47e0e015ccf5946354ab554a9dc48b4ce0f802106703c59b76110d28af737b757fa68c654cd82da7389d0f952c6b15833b4
Static task
static1
Behavioral task
behavioral1
Sample
NOW PO n08765456789093.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
NOW PO n08765456789093.exe
Resource
win10
Malware Config
Targets
Score
10/10
-
Adds Run entry to policy start application
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run entry to start application
-
Suspicious use of SetThreadContext
-