General
Target: RFQ-proudct list.exe
Size: 680KB
Sample: 200630-wx3ebl83xa
MD5: 47c4850ea77b7973791ca028a48b3eff
SHA1: 7db7d4d05164bed0ebf4ab53e6c17e5f81c72386
SHA256: 10d6e6ffa24a33da75382f2268d9450e64513b5265cb81b18190961a73d8f1ee
SHA512: 91f37972c44747d6e40f0b957252aa532436c74059d32dfd7616c2c51c7c598dc4a8d30e0360f94098b3117c60ad6f8816b5951f66a50c4218af8a17a63dda3e
Static task: static1
Behavioral task: behavioral1 (Sample: RFQ-proudct list.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: RFQ-proudct list.exe, Resource: win10v200430)
Malware Config
Targets
Target: RFQ-proudct list.exe
Size: 680KB
MD5: 47c4850ea77b7973791ca028a48b3eff
SHA1: 7db7d4d05164bed0ebf4ab53e6c17e5f81c72386
SHA256: 10d6e6ffa24a33da75382f2268d9450e64513b5265cb81b18190961a73d8f1ee
SHA512: 91f37972c44747d6e40f0b957252aa532436c74059d32dfd7616c2c51c7c598dc4a8d30e0360f94098b3117c60ad6f8816b5951f66a50c4218af8a17a63dda3e
Score: 7/10
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
- Adds Run entry to start application
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext