Overview

overview

8

Static

static

RFQ-0547093567.doc

windows7_x64

8

RFQ-0547093567.doc

windows10_x64

8

Resubmissions

17-02-2020 10:18

200217-9nk27hx9g2 8

17-02-2020 10:15

200217-fzh9r1j6fe 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ-0547093567.doc

  • Size

    108KB

  • Sample

    200217-fzh9r1j6fe

  • MD5

    5751e59429a5e2f2688533d931f57b51

  • SHA1

    e504d46d789dbcff8d13a80cb03f535830566769

  • SHA256

    e8956afd1fc43b92d12df5533a3aa8313043b4c00d8cd9523dbe0402eba428cd

  • SHA512

    f961e29fcca956fe0207f3fcd58724e5eaa7ed617803e211f0cbdbbc08c7e295f51f4fd1743d75eda068956dcfe928ed6b47c2fe116c6c91e13f1ec326f28986

Score
8/10
spyware

Malware Config

Targets

    • Target

      RFQ-0547093567.doc

    • Size

      108KB

    • MD5

      5751e59429a5e2f2688533d931f57b51

    • SHA1

      e504d46d789dbcff8d13a80cb03f535830566769

    • SHA256

      e8956afd1fc43b92d12df5533a3aa8313043b4c00d8cd9523dbe0402eba428cd

    • SHA512

      f961e29fcca956fe0207f3fcd58724e5eaa7ed617803e211f0cbdbbc08c7e295f51f4fd1743d75eda068956dcfe928ed6b47c2fe116c6c91e13f1ec326f28986

    Score
    8/10
    spyware

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads browser user data or profiles (possible credential harvesting)

      spyware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

1
T1203

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks