General
-
Target
Preform Invoice ...exe
-
Size
400KB
-
Sample
200630-zq49czytye
-
MD5
7436d6d1549b98955d6a551e2717b686
-
SHA1
d0bdfec6db5e6f53849fbaac36bc60744acc0ca6
-
SHA256
d98201be756dd6ea07c4473bcf6806f8e0ae18d48e78b26dacfd42618f0c0f0b
-
SHA512
dfc86b59a4fc58a79d81b1bb219bfee2ed3f7cf1eabdd3fdc9cab3ce74422de582456915d1098eff7e4ee42ee4791ce5ce4f7f5960582f5327545d0168ab880e
Static task
static1
Behavioral task
behavioral1
Sample
Preform Invoice ...exe
Resource
win7
Behavioral task
behavioral2
Sample
Preform Invoice ...exe
Resource
win10v200430
Malware Config
Targets
-
-
Target
Preform Invoice ...exe
-
Size
400KB
-
MD5
7436d6d1549b98955d6a551e2717b686
-
SHA1
d0bdfec6db5e6f53849fbaac36bc60744acc0ca6
-
SHA256
d98201be756dd6ea07c4473bcf6806f8e0ae18d48e78b26dacfd42618f0c0f0b
-
SHA512
dfc86b59a4fc58a79d81b1bb219bfee2ed3f7cf1eabdd3fdc9cab3ce74422de582456915d1098eff7e4ee42ee4791ce5ce4f7f5960582f5327545d0168ab880e
Score7/10-
Reads data files stored by FTP clients
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-