General
-
Target
DOC Scanned_0897506302020.exe
-
Size
608KB
-
Sample
200630-pjkcq2wxvs
-
MD5
ad535bbe748d1f76fe956281e186b195
-
SHA1
c1b622f311ffa1194194a66e3d922e58b6e9402d
-
SHA256
e86fd29446566f02088cc93deb2449d5aa7febf4ced0a41d36095520737f0338
-
SHA512
904d9712f5c683960b20b3dd79176db70ccb1c843e93ee05ebe38894f9ed4a18d44249de679d51f693fd83fa19e10e19495416bc236337dc536c4dcd28743406
Static task
static1
Behavioral task
behavioral1
Sample
DOC Scanned_0897506302020.exe
Resource
win7
Behavioral task
behavioral2
Sample
DOC Scanned_0897506302020.exe
Resource
win10v200430
Malware Config
Targets
-
-
Target
DOC Scanned_0897506302020.exe
-
Score
8/10
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run entry to start application
-
Suspicious use of SetThreadContext
-