General
Target: pjhjuc.jpg
Size: 856KB
Sample: 200731-lbs7yb3x9e
MD5: 24e578762b065d2df269dbe5b25a725c
SHA1: adf0aaf83b186fc9877c5632d66e11240db90f23
SHA256: 49411c035bce033585bf1ab27827abf5ead0c9031064848e08014fb1aee182b3
SHA512: 50c4bd007ae0ac491c03b50acbce1eaddf25c2814bd13b66bb173af4fdd0a890325464114c042a31b8725739f7d833b5a60c820e8a95de862f47f3c512291a01
Static task: static1
Behavioral task: behavioral1
Sample: pjhjuc.jpg.exe
Resource: win7v200722
Malware Config
Targets
Formbook Payload
Adds policy Run key to start application
Executes dropped EXE
Deletes itself
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
Suspicious use of SetThreadContext