9c5da09379aac3c9b0c5fe8dbca524809a1109f2e57b218b5f48b9f2e32a4bf0 | Triage

Sharing

General

Target

Items.exe
Size

522KB
Sample

200707-7vqwvef3xx
MD5

1460fb4b266589b7b04d24d4da9a1f92
SHA1

ba493e1450da8e67264a9e32adea1512f75282e7
SHA256

9c5da09379aac3c9b0c5fe8dbca524809a1109f2e57b218b5f48b9f2e32a4bf0
SHA512

a1c99f2f9d8788ff78fd17fd02a539ebbd41ea2bbf01b79c3df0b9011b9036225ce2525fa4166e2acccc2939519142b5c3080ad5415e38b022f8f60e108899e6

Score

7^/10

persistence spyware

Malware Config

Targets

- Target
  
  Items.exe
- Size
  
  522KB
- MD5
  
  1460fb4b266589b7b04d24d4da9a1f92
- SHA1
  
  ba493e1450da8e67264a9e32adea1512f75282e7
- SHA256
  
  9c5da09379aac3c9b0c5fe8dbca524809a1109f2e57b218b5f48b9f2e32a4bf0
- SHA512
  
  a1c99f2f9d8788ff78fd17fd02a539ebbd41ea2bbf01b79c3df0b9011b9036225ce2525fa4166e2acccc2939519142b5c3080ad5415e38b022f8f60e108899e6
Score

7^/10

persistence spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespyware

behavioral2

spywarepersistence