03a8582db8f34154ed1e18821d8d7e2df2148ce0c36b06ed7fb91f387e3f0aa6 | Triage

Sharing

General

Target

Invoice.exe
Size

5.1MB
Sample

200707-b2417bkpn6
MD5

7f1e268e77797a3049136b2e8b67a997
SHA1

27c0a7cb6cf140d6ad7109cfb2c0f64af73f6e8c
SHA256

03a8582db8f34154ed1e18821d8d7e2df2148ce0c36b06ed7fb91f387e3f0aa6
SHA512

0ddd4c099c3bb57f2f836793fabe78e9679f56caa80105d1d04f90866f533d37437873379b598ce5d5e56bea849a5717de599b37175052ca389cfc80568ee8a3

Score

8^/10

persistence spyware

Malware Config

Targets

- Target
  
  Invoice.exe
- Size
  
  5.1MB
- MD5
  
  7f1e268e77797a3049136b2e8b67a997
- SHA1
  
  27c0a7cb6cf140d6ad7109cfb2c0f64af73f6e8c
- SHA256
  
  03a8582db8f34154ed1e18821d8d7e2df2148ce0c36b06ed7fb91f387e3f0aa6
- SHA512
  
  0ddd4c099c3bb57f2f836793fabe78e9679f56caa80105d1d04f90866f533d37437873379b598ce5d5e56bea849a5717de599b37175052ca389cfc80568ee8a3
Score

8^/10

persistence spyware
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespyware

behavioral2