General

  • Target

    Reconfirm your IBAN.exe

  • Size

    658KB

  • Sample

    200707-a7rlq1sd6a

  • MD5

    e466396cdd8c13b7d720b275e4c16b05

  • SHA1

    842de4497253343ab91d5c75e7d4dbcd2639843e

  • SHA256

    571d91bcbedea2198fed6ad8433d7faeaa9add927022c32dc2cce088e781263c

  • SHA512

    3a4d5d357fffa3912ea1ab16a721c2a8a44cfc98abe4cb3ae4fcc4003b69a1ec42edaacaaae816585e7b02d63e35a1d05b660743a3b21d37605d4dc7c6473a89

Score
8/10
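Before trusting the behaviour summary below for a file you hold, confirm it is the same sample. This is an added example, not part of the sandbox report or its vendor's tooling: the four digests are copied from the General section above; the helper names and the self-check inputs are this example's own.

```python
"""Added example (not from the sandbox report): verify that a file on disk is
the sample this report describes, and sanity-check the IOC record itself.
The digest values are the ones listed in the report; everything else here is
illustrative."""
import hashlib

# Digests as listed in the report (lower-case hex).
REPORTED = {
    "md5": "e466396cdd8c13b7d720b275e4c16b05",
    "sha1": "842de4497253343ab91d5c75e7d4dbcd2639843e",
    "sha256": "571d91bcbedea2198fed6ad8433d7faeaa9add927022c32dc2cce088e781263c",
    "sha512": "3a4d5d357fffa3912ea1ab16a721c2a8a44cfc98abe4cb3ae4fcc4003b69a1ec"
              "42edaacaaae816585e7b02d63e35a1d05b660743a3b21d37605d4dc7c6473a89",
}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def check_ioc_record(rec):
    """Return the algorithms whose value is not well-formed hex of the right length.
    Catches copy/paste damage (truncated or non-hex digests) before they are used."""
    bad = []
    for alg, value in rec.items():
        try:
            bytes.fromhex(value)
            ok = len(value) == HEX_LEN[alg]
        except (ValueError, KeyError):
            ok = False
        if not ok:
            bad.append(alg)
    return bad


def digest_bytes(data):
    """All four digests of an in-memory blob (used for the self-check)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in HEX_LEN}


def digest_file(path, chunk=1 << 20):
    """All four digests of a file, read in chunks so large samples do not
    have to be loaded into memory."""
    hashers = {alg: hashlib.new(alg) for alg in HEX_LEN}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def matches_report(actual, reported=REPORTED):
    """Per-algorithm comparison. A partial match (for example MD5 only) means
    either a damaged record or a deliberately colliding file, so callers should
    require all algorithms to agree rather than any one of them."""
    return {alg: actual.get(alg, "").lower() == reported[alg].lower() for alg in reported}


if __name__ == "__main__":
    import sys
    if check_ioc_record(REPORTED):
        sys.exit("report IOC record is malformed")
    result = matches_report(digest_file(sys.argv[1]))
    print("sample matches report" if all(result.values()) else f"mismatch: {result}")
```

Run it as `python verify.py "Reconfirm your IBAN.exe"`; a file that matches only on MD5 or SHA1 should be treated as a different file, not a near miss.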

Malware Config

Targets

    • Target

      Reconfirm your IBAN.exe
    Score
    8/10
    • Executes dropped EXE

      Runs an executable that the sample itself wrote to disk during the analysis, i.e. a second-stage payload.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during the analysis.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla, which store saved server credentials.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run entry to start application

      Writes a value under a Run registry key so the program is launched again at logon, a common persistence mechanism.

    • Suspicious use of SetThreadContext

      SetThreadContext lets one process rewrite the registers of another process's thread; together with writing into a suspended child it is the classic process-hollowing sequence, so it is treated as a code-injection indicator.
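The signatures above are the sandbox's observations; to hunt for the same behaviour on endpoints they have to be expressed over host telemetry. The following is an added example, not part of the report or its vendor's tooling: it turns each listed behaviour into a simple rule and runs the rules over a handful of constructed Sysmon-style events. Field names follow Sysmon conventions (EventID, Image, TargetFilename, TargetObject, ImageLoaded, GrantedAccess); the events, paths and process names are made up for illustration, and the injection rule is a heuristic proxy because Sysmon does not log SetThreadContext itself.

```python
"""Added example (not from the sandbox report): map the report's behaviour
signatures onto detection rules over Sysmon-style events. All events below
are constructed; the FileZilla, Chrome and Thunderbird paths are the usual
locations of the data the report says the sample reads."""
import re
from collections import defaultdict

# Constructed events. Sysmon IDs used: 1 ProcessCreate, 7 ImageLoad,
# 10 ProcessAccess, 11 FileCreate (standing in for file access, which Sysmon
# does not log natively), 13 RegistryEvent (value set).
SAMPLE = r"C:\Users\u\Downloads\Reconfirm your IBAN.exe"
DROPPED_EXE = r"C:\Users\u\AppData\Local\Temp\dropped.exe"      # hypothetical name
DROPPED_DLL = r"C:\Users\u\AppData\Local\Temp\helper.dll"       # hypothetical name
EVENTS = [
    {"EventID": 1, "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED_EXE},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED_DLL},
    {"EventID": 1, "Image": DROPPED_EXE, "ParentImage": SAMPLE},
    {"EventID": 7, "Image": DROPPED_EXE, "ImageLoaded": DROPPED_DLL},
    {"EventID": 13, "Image": DROPPED_EXE,
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"EventID": 11, "Image": DROPPED_EXE,
     "TargetFilename": r"C:\Users\u\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"EventID": 11, "Image": DROPPED_EXE,
     "TargetFilename": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"EventID": 11, "Image": DROPPED_EXE,
     "TargetFilename": r"C:\Users\u\AppData\Roaming\Thunderbird\Profiles\x.default\logins.json"},
    {"EventID": 10, "SourceImage": DROPPED_EXE,
     "TargetImage": r"C:\Windows\SysWOW64\host.exe", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe",
     "TargetFilename": r"C:\Users\u\Documents\notes.txt"},                 # benign
    {"EventID": 10, "SourceImage": r"C:\Windows\explorer.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe", "GrantedAccess": "0x1000"},  # benign query
]

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
FTP_FILES = re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I)
BROWSER_FILES = re.compile(r"\\User Data\\.*\\(Login Data|Web Data|Cookies)$", re.I)
MAIL_FILES = re.compile(r"\\Thunderbird\\Profiles\\.*\\(logins\.json|key4\.db)$", re.I)
USER_WRITABLE = re.compile(r"\\(AppData|Temp|Downloads)\\", re.I)
# Access rights a hollowing-style injector needs on the target process; the
# SetThreadContext call itself is not visible in Sysmon, so this is a proxy.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020


def detect(events):
    """Return {signature name: [indices of matching events]}."""
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths of PE files written to user-writable dirs
    for i, ev in enumerate(events):
        eid = ev["EventID"]
        if eid == 11:
            path = ev["TargetFilename"]
            if path.lower().endswith((".exe", ".dll")) and USER_WRITABLE.search(path):
                dropped.add(path.lower())
            if FTP_FILES.search(path):
                hits["Reads data files stored by FTP clients"].append(i)
            if BROWSER_FILES.search(path):
                hits["Reads user/profile data of web browsers"].append(i)
            if MAIL_FILES.search(path):
                hits["Reads user/profile data of local email clients"].append(i)
        elif eid == 1 and ev["Image"].lower() in dropped:
            hits["Executes dropped EXE"].append(i)
        elif eid == 7 and ev["ImageLoaded"].lower() in dropped:
            hits["Loads dropped DLL"].append(i)
        elif eid == 13 and RUN_KEY.search(ev["TargetObject"]):
            hits["Adds Run entry to start application"].append(i)
        elif eid == 10:
            mask = int(ev["GrantedAccess"], 16)
            if (mask & PROCESS_VM_WRITE and mask & PROCESS_VM_OPERATION
                    and ev["SourceImage"].lower() != ev["TargetImage"].lower()):
                hits["Possible process injection (SetThreadContext-style)"].append(i)
    return dict(hits)


if __name__ == "__main__":
    for name, idx in detect(EVENTS).items():
        print(f"{name}: events {idx}")
```

The file-access rules only work with a source that records reads (an EDR or object-access auditing); Sysmon's FileCreate is used here as a stand-in. The injection rule fires on any cross-process handle with write and VM-operation rights, which also matches debuggers and some legitimate tooling, so pair it with the dropped-file or Run-key hits before alerting.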

MITRE ATT&CK Enterprise v6

Tasks