Overview

overview

6

Static

static

Scan001.exe

windows7_x64

6

Scan001.exe

windows10_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Scan001.exe

  • Size

    52KB

  • Sample

    200217-4z96d6j6q2

  • MD5

    a7b55c95f9682a6a91e01f04771669da

  • SHA1

    6668134839b03b7efd1a686405253ee9c7f55eb7

  • SHA256

    84f638c70ddd167edb443d662c36e42b57b835a74a44e20c14ed548e5ce50792

  • SHA512

    d1a4344e7adccf31668702344d71b1f06fb689aecc51ed6f2e35f3502f18e19f5e797bd2812f2d83c513ea7f8c30b98ec4f5e26c25d7535dd03623af5d52c0e0

Score
6/10
evasionspywaretrojan

Malware Config

Targets

    • Target

      Scan001.exe

    • Size

      52KB

    • MD5

      a7b55c95f9682a6a91e01f04771669da

    • SHA1

      6668134839b03b7efd1a686405253ee9c7f55eb7

    • SHA256

      84f638c70ddd167edb443d662c36e42b57b835a74a44e20c14ed548e5ce50792

    • SHA512

      d1a4344e7adccf31668702344d71b1f06fb689aecc51ed6f2e35f3502f18e19f5e797bd2812f2d83c513ea7f8c30b98ec4f5e26c25d7535dd03623af5d52c0e0

    Score
    6/10
    evasionspywaretrojan

    • Modifies system certificate store

      evasionspywaretrojan

    • Reads browser user data or profiles (possible credential harvesting)

      spyware

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks