General
Target: GRP Production drawing Order confrimation 0022.exe
Size: 258KB
Sample: 200630-rfrvh5yaxs
MD5: ac9fa9d4866f1ac20a24463942ea7189
SHA1: 292ac8c75a35f04e86b021e6ca3b284eb27fa870
SHA256: 885c0db8dce61efe0b93c41f8eaf4e42f0180ba4b9045d8ca6978298d81bebec
SHA512: d6abd43e4b6ca2036701a19a202710798802eeeab07dc55b2ec6ff14e97a9dd355cf48e801c624e40fe5b503af4a1ce0872a6b565c5a77de3252ac8c57a09125
Tasks
Static task: static1
Behavioral task: behavioral1 (Sample: GRP Production drawing Order confrimation 0022.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: GRP Production drawing Order confrimation 0022.exe, Resource: win10v200430)
Malware Config
Targets
Target: GRP Production drawing Order confrimation 0022.exe
Score: 7/10
Signatures:
Loads dropped DLL: the sample loaded a DLL that it had itself written to disk during the run, rather than one already present on the system.
Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials, cookies and autofill entries.
Suspicious use of SetThreadContext: SetThreadContext rewrites another thread's register set, including its instruction pointer; benign software rarely calls it, while process-hollowing and injection loaders use it to redirect a suspended thread into code they have written into the target.
No family name or extracted configuration appears in this report, so the score reflects only the behavioural signatures listed above.
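To make the three signatures concrete, the following Python matcher is an added example (not part of this sandbox report and not the sample's real trace): it runs over a constructed, inline API trace and flags the same observable behaviours the report lists, namely a LoadLibrary of a path the process wrote itself, a GENERIC_READ open of a browser credential store, and a SetThreadContext aimed at a child the caller created with CREATE_SUSPENDED. The trace format, the process IDs and the file paths are invented for the example.

```python
import re
from collections import defaultdict

# Constructed API trace for this example; it is NOT the trace from the
# report's win7/win10 runs. One event per line: pid|api|key=value,key=value
SAMPLE_TRACE = r"""
4120|CreateFileW|path=C:\Users\user\AppData\Local\Temp\helper.dll,access=GENERIC_WRITE
4120|WriteFile|path=C:\Users\user\AppData\Local\Temp\helper.dll,size=34816
4120|LoadLibraryW|path=C:\Users\user\AppData\Local\Temp\helper.dll
4120|CreateFileW|path=C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data,access=GENERIC_READ
4120|CreateFileW|path=C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\x1.default\logins.json,access=GENERIC_READ
4120|CreateProcessW|path=C:\Windows\System32\svchost.exe,flags=CREATE_SUSPENDED,child_pid=5208
4120|WriteProcessMemory|target_pid=5208,size=204800
4120|SetThreadContext|target_pid=5208
4120|ResumeThread|target_pid=5208
"""

# Constructed benign control: system DLL load, own config read, normal child.
BENIGN_TRACE = r"""
900|LoadLibraryW|path=C:\Windows\System32\version.dll
900|CreateFileW|path=C:\Users\user\AppData\Roaming\app\settings.ini,access=GENERIC_READ
900|CreateProcessW|path=C:\Windows\System32\notepad.exe,flags=0,child_pid=901
"""

# File names of the stores browsers use for saved logins, cookies and autofill.
BROWSER_STORE_RE = re.compile(
    r"(Login Data|Web Data|Cookies|logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)


def parse_trace(text):
    """Turn the pid|api|k=v,k=v lines into a list of event dicts."""
    events = []
    for line in text.strip().splitlines():
        pid, api, argstr = line.split("|", 2)
        args = dict(kv.split("=", 1) for kv in argstr.split(",") if kv)
        events.append({"pid": int(pid), "api": api, **args})
    return events


def match_signatures(text):
    """Return {signature name: [evidence, ...]} for the behaviours seen in the trace."""
    hits = defaultdict(list)
    written = defaultdict(set)    # pid -> lowercased paths the process wrote itself
    suspended = defaultdict(set)  # pid -> child pids it created with CREATE_SUSPENDED
    injected = defaultdict(set)   # pid -> child pids it called WriteProcessMemory on
    for ev in parse_trace(text):
        pid, api, path = ev["pid"], ev["api"], ev.get("path", "")
        if api == "WriteFile":
            written[pid].add(path.lower())
        elif api.startswith("LoadLibrary") and path.lower() in written[pid]:
            # A DLL the process dropped moments earlier is now being loaded.
            hits["Loads dropped DLL"].append(path)
        elif (api == "CreateFileW" and "GENERIC_READ" in ev.get("access", "")
              and BROWSER_STORE_RE.search(path)):
            hits["Reads user/profile data of web browsers"].append(path)
        elif api == "CreateProcessW" and "CREATE_SUSPENDED" in ev.get("flags", ""):
            suspended[pid].add(int(ev["child_pid"]))
        elif api == "WriteProcessMemory":
            injected[pid].add(int(ev["target_pid"]))
        elif api == "SetThreadContext":
            target = int(ev["target_pid"])
            # Only flag when the caller itself created the target suspended:
            # that is the hollowing/injection pattern, not a debugger attaching.
            if target in suspended[pid]:
                detail = f"pid {pid} -> suspended child {target}"
                if target in injected[pid]:
                    detail += " after WriteProcessMemory"
                hits["Suspicious use of SetThreadContext"].append(detail)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_signatures(SAMPLE_TRACE).items():
        print(f"{name}: {evidence}")
    print("benign control:", match_signatures(BENIGN_TRACE))
```

The matcher keeps per-process state on purpose: a LoadLibrary of a freshly written file, or a SetThreadContext on a child the same process created suspended, is what separates these signatures from the ordinary DLL loads and child launches that every Windows program performs. A real sandbox derives the same facts from its API hooks rather than a text trace, and a 7/10 score built from signatures like these still needs a family identification or configuration extraction before it says anything about what the stealer exfiltrates or where.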