Analysis
-
max time kernel
148s -
max time network
41s -
platform
windows7_x64 -
resource
win7v200430 -
submitted
07-07-2020 12:44
Static task
static1
Behavioral task
behavioral1
Sample
New Order no.83.exe
Resource
win7v200430
Behavioral task
behavioral2
Sample
New Order no.83.exe
Resource
win10
General
-
Target
New Order no.83.exe
-
Size
524KB
-
MD5
f56fd625a6f5432271de65d3874af2e0
-
SHA1
aed3bc9c6d6f6e805eba4730c1ebd96cc28a117e
-
SHA256
6ed74e9cef6afae8b19f79eb97ba9acb97de44a6cf3ddf5e247b43e317f65ef8
-
SHA512
838e457766ebf38b212db8383ceb653a4ce628cf9f357cd05ab1d3383069660e0c43f32d631b091e1e2c7c15e677f2f764826ad3b56d33a9a52c4b635ad5c5de
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
New Order no.83.exedescription pid process Token: SeDebugPrivilege 1292 New Order no.83.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
New Order no.83.exepid process 1292 New Order no.83.exe 1292 New Order no.83.exe -
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.