General

  • Target

    customers_dhl-form.exe

  • Size

    724KB

  • Sample

    200707-ajlazgd2z2

  • MD5

    d3283503ee7554492851180b73796dae

  • SHA1

    6224763d99acb1c3f0815302a7b22439284b90f1

  • SHA256

    24b143878fdfd3d1fab8ce514132cbc304da8c6ff10e4cf91ab11028079a63a9

  • SHA512

    7712fe167b039a4931a05c447113315c75a908811001913957c66273a53827573b28e7f9fa15b3c22266cabe22a611b029a58352e77100babedd3d39aa140fac

Score
8/10

Malware Config

Targets

    • Target

      customers_dhl-form.exe

    • Size

      724KB

    • MD5

      d3283503ee7554492851180b73796dae

    • SHA1

      6224763d99acb1c3f0815302a7b22439284b90f1

    • SHA256

      24b143878fdfd3d1fab8ce514132cbc304da8c6ff10e4cf91ab11028079a63a9

    • SHA512

      7712fe167b039a4931a05c447113315c75a908811001913957c66273a53827573b28e7f9fa15b3c22266cabe22a611b029a58352e77100babedd3d39aa140fac

    Score
    8/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar data.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks