Overview

overview

8

Static

static

payment.exe

windows7_x64

8

payment.exe

windows10_x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    payment.exe

  • Size

    479KB

  • Sample

    200707-hp6wyng48x

  • MD5

    c7c93dec3793f885f2989f6b6e8cef69

  • SHA1

    91aad3b2300b4212482a8bf15ce87d8832c359f5

  • SHA256

    a26b0b8ed3e9a7159a68553861239c8ba255afcf36fc645d33bc3a36b7849496

  • SHA512

    ae715317b33950cd5fa62572a4dea7cbb63a62281f3e7b224654be713fb6afa2820d1acc890ce861251d353ce065da5a40e0c49d51c92acea55c5526a5b6289c

Score
8/10
evasionpersistencespywaretrojan

Malware Config

Targets

    • Target

      payment.exe

    • Size

      479KB

    • MD5

      c7c93dec3793f885f2989f6b6e8cef69

    • SHA1

      91aad3b2300b4212482a8bf15ce87d8832c359f5

    • SHA256

      a26b0b8ed3e9a7159a68553861239c8ba255afcf36fc645d33bc3a36b7849496

    • SHA512

      ae715317b33950cd5fa62572a4dea7cbb63a62281f3e7b224654be713fb6afa2820d1acc890ce861251d353ce065da5a40e0c49d51c92acea55c5526a5b6289c

    Score
    8/10
    spywareevasiontrojanpersistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks