General
Target: Confirmation voucher.exe
Size: 1.1MB
Sample: 200731-1rwpysy2fj
MD5: 7c239ebd95edce558af5ab4ba444a20e
SHA1: 72b95da770016af3be66101db42c191d60685d7f
SHA256: 0cd1ca47d2e04de65562e1ba4d8ce4545ee486999f8f0eb7adc880c7fb7fc9b8
SHA512: bf4ad36a62ef6583dc82674767fcadffa23d5667d664e08c36cc3e05a3368ac269463dfd446be5f00db07e2918c8705190398a97a4b538ab4c61705262d5542d
Static task: static1
Behavioral task: behavioral1
Sample: Confirmation voucher.exe
Resource: win7
Malware Config
Targets
Target: Confirmation voucher.exe
- Formbook Payload
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
- Adds Run key to start application
- Suspicious use of SetThreadContext