516af190e411859eafe3334997490013f00b0a6199ef034a584df640a3993440 | Triage

Sharing

General

Target

OFFICIAL PAYMENT MODE DURING COVID-19 PANDEMIC-2020.com
Size

480KB
Sample

200707-b9gv3l6has
MD5

5ac4e04aca5a3bfaf13c7c5d429cc017
SHA1

3648fdde6cb192dcabde3cb7f17f58bf454ec0e1
SHA256

516af190e411859eafe3334997490013f00b0a6199ef034a584df640a3993440
SHA512

961dd27cc6e665c67be0fc0efddb1b0912890a6b13b22d342a8cad5332923013c889cf056a4faaef50a0c77ef7770393907c3493aa145e9ab0aeb2323bfdc38f

Score

8^/10

evasion persistence spyware trojan

Malware Config

Targets

- Target
  
  OFFICIAL PAYMENT MODE DURING COVID-19 PANDEMIC-2020.com
- Size
  
  480KB
- MD5
  
  5ac4e04aca5a3bfaf13c7c5d429cc017
- SHA1
  
  3648fdde6cb192dcabde3cb7f17f58bf454ec0e1
- SHA256
  
  516af190e411859eafe3334997490013f00b0a6199ef034a584df640a3993440
- SHA512
  
  961dd27cc6e665c67be0fc0efddb1b0912890a6b13b22d342a8cad5332923013c889cf056a4faaef50a0c77ef7770393907c3493aa145e9ab0aeb2323bfdc38f
Score

8^/10

evasion trojan persistence spyware
- Adds Run entry to policy start application
  persistence
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistencespyware