37859468e6f4a77939f08daeab868b4da51c1a506334dc85908d2c29b0d977fc | Triage

Sharing

General

Target

SWIFTpayment47547745776.bat
Size

545KB
Sample

200707-n552afltts
MD5

68b0764829912d9ecd36633377da29bc
SHA1

17ab0f2b63d6e723be24ac44874c3a86e01186b5
SHA256

37859468e6f4a77939f08daeab868b4da51c1a506334dc85908d2c29b0d977fc
SHA512

fedc6097a4f8ef57664ef45fcfcec227ee1a6c1bc894effc43cd32ff3982f89c401efdddc713d0ad4046ace3a7f8a4bf023bd9c007f188a514847227acfa3c15

Score

7^/10

persistence spyware

Malware Config

Targets

- Target
  
  SWIFTpayment47547745776.bat
- Size
  
  545KB
- MD5
  
  68b0764829912d9ecd36633377da29bc
- SHA1
  
  17ab0f2b63d6e723be24ac44874c3a86e01186b5
- SHA256
  
  37859468e6f4a77939f08daeab868b4da51c1a506334dc85908d2c29b0d977fc
- SHA512
  
  fedc6097a4f8ef57664ef45fcfcec227ee1a6c1bc894effc43cd32ff3982f89c401efdddc713d0ad4046ace3a7f8a4bf023bd9c007f188a514847227acfa3c15
Score

7^/10

persistence spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespyware

behavioral2

persistencespyware