General
Target: invoice.MCT.JPG.SCR
Size: 60KB
Sample: 200213-z9qwezbb56
MD5: 3a6dc65c259ee7fa8e5f0456431b8564
SHA1: 220ed37dd2b51095f419b48147caeec12ce47940
SHA256: 4ed24c2c7b18a13dfa27714299c8f223eee7e0cf8b3c9ea432bbf243ddb0b906
SHA512: 98b345492c9e1035f01167a401d4930c57e53e8e2ff95332f85f2d1ab5d56ed19929ca8b412151221c1bebd889ad35ce8d2ab7014d69427b938ef165b0399373
Static task: static1
Behavioral task: behavioral1
  Sample: invoice.MCT.JPG.SCR
  Resource: win7v191014
Behavioral task: behavioral2
  Sample: invoice.MCT.JPG.SCR
  Resource: win10v191014
Malware Config
Targets
Target: invoice.MCT.JPG.SCR
- Adds Run entry to policy start application
- Deletes itself
- Reads browser user data or profiles (possible credential harvesting)
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext