General
- Target: shipping document INV+PL.exe
- Size: 414KB
- Sample: 200731-fr3l5d2ccj
- MD5: ca4fbf42b3da386f10f5c82afe65a0bf
- SHA1: 8fd29038564832e3f356db1a7d6cf3464c3e07cc
- SHA256: ce4764b6234abdbe6f67d1f7c8a54fc7908208a2aec45b6135407cf2e87e67c2
- SHA512: 7b9d3b52811b870862f708577ecf1301634d15c43e23d205be13f57891504b0fc5b2bc10d207afeb9e9c0f035b04f6eab7d2252e6009d28ca51f23bc69ff588f
Static task: static1
Behavioral task: behavioral1 (Sample: shipping document INV+PL.exe, Resource: win7)
Behavioral task: behavioral2 (Sample: shipping document INV+PL.exe, Resource: win10)
Malware Config
Targets
- Target: shipping document INV+PL.exe
- Size: 414KB
- Formbook Payload
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.
- Adds Run key to start application
- Suspicious use of SetThreadContext