Overview

overview

7

Static

static

Order Nr 1...DO.exe

windows7_x64

7

Order Nr 1...DO.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Order Nr 1_04080 00066831 ADHISAKTI SOLUSI KOMPUTINDO.exe

  • Size

    674KB

  • Sample

    200707-cnyy2d5l16

  • MD5

    b21189906b103028dee0fb64b4a81a1a

  • SHA1

    09ed479ac5de813a062c0b14210a98a506eb0401

  • SHA256

    efbf5a969b67ed8197b94ea06b03876e6e5cd6853c339e922f59f4741f1a78f3

  • SHA512

    b838a4d5962883bbb58463345d3af444a3ec443408ccc22f3e6397396d0549149037e3c785db1e8e334b7230a44bf7a1f38415744a66d852d0f1134e311c2de2

Score
7/10
spyware

Malware Config

Targets

    • Target

      Order Nr 1_04080 00066831 ADHISAKTI SOLUSI KOMPUTINDO.exe

    • Size

      674KB

    • MD5

      b21189906b103028dee0fb64b4a81a1a

    • SHA1

      09ed479ac5de813a062c0b14210a98a506eb0401

    • SHA256

      efbf5a969b67ed8197b94ea06b03876e6e5cd6853c339e922f59f4741f1a78f3

    • SHA512

      b838a4d5962883bbb58463345d3af444a3ec443408ccc22f3e6397396d0549149037e3c785db1e8e334b7230a44bf7a1f38415744a66d852d0f1134e311c2de2

    Score
    7/10
    spyware

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks