General
-
Target
pagamento.pdf.exe
-
Size
645KB
-
Sample
200630-ekqdvxhlh2
-
MD5
2dc09d438a5d93330cdc95cbcc1f92df
-
SHA1
2b347c840695d84ee8eee712f30933089efb1da2
-
SHA256
e41ee8ef8e196d80c1db94848c6dd31eb8737b6f77d7bf63537138e110f79120
-
SHA512
e3c755b33e72e95c161a4e90ef5e8f7e2cbe06929564c0833f3245bda9778afb0d62f02c89b5320ff154118e9dffbc1277701465b31f3d7c5305c6514674c697
Static task
static1
Behavioral task
behavioral1
Sample
pagamento.pdf.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
pagamento.pdf.exe
Resource
win10v200430
Malware Config
Targets
-
-
Target
pagamento.pdf.exe
-
Size
645KB
-
MD5
2dc09d438a5d93330cdc95cbcc1f92df
-
SHA1
2b347c840695d84ee8eee712f30933089efb1da2
-
SHA256
e41ee8ef8e196d80c1db94848c6dd31eb8737b6f77d7bf63537138e110f79120
-
SHA512
e3c755b33e72e95c161a4e90ef5e8f7e2cbe06929564c0833f3245bda9778afb0d62f02c89b5320ff154118e9dffbc1277701465b31f3d7c5305c6514674c697
Score7/10-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-