General
- Target: 12f463eaf4dcb88c65728d93a2ca6736.exe
- Size: 686KB
- Sample: 200630-e81pmgrx9s
- MD5: 12f463eaf4dcb88c65728d93a2ca6736
- SHA1: edfdb10111cfabc4b3cc37b869f15d9c35950dae
- SHA256: 517a83a2bab64041edfcba42d9f2e407f50e8beaca0cbde44a250a790cf0c9c0
- SHA512: 57055ef137e29cec68a784276d59139cc70e9f5979752669b8b20903df2cb2aa676237e3fe7a3dcfacc5a13667adc740bd92520a8d22f8b4c26e5eb6ddb55907
Static task
- static1

Behavioral task
- behavioral1
- Sample: 12f463eaf4dcb88c65728d93a2ca6736.exe
- Resource: win7
Malware Config
Extracted
- Protocol: smtp
- Host: us2.smtp.mailhostbox.com
- Port: 587
- Username: omeudo@intarscan.org
- Password: L_7do9qu$$eB
Targets
- Target: 12f463eaf4dcb88c65728d93a2ca6736.exe
- Size: 686KB
- MD5: 12f463eaf4dcb88c65728d93a2ca6736
- SHA1: edfdb10111cfabc4b3cc37b869f15d9c35950dae
- SHA256: 517a83a2bab64041edfcba42d9f2e407f50e8beaca0cbde44a250a790cf0c9c0
- SHA512: 57055ef137e29cec68a784276d59139cc70e9f5979752669b8b20903df2cb2aa676237e3fe7a3dcfacc5a13667adc740bd92520a8d22f8b4c26e5eb6ddb55907

Signatures
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials.
- Uses the VBS compiler for execution
- Adds Run entry to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext