9daff52b5fd16bd2ff808e6b4ba02d6b46e00d27520ffaabdf42e20d1378a15c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PO#87324.scr
Size

689KB
Sample

200708-5azvlpnww2
MD5

561b9a164ba940c40fafca1388cfba6e
SHA1

de5c90e013c3ec5d65154ce7a06ea5bc81ff6dda
SHA256

9daff52b5fd16bd2ff808e6b4ba02d6b46e00d27520ffaabdf42e20d1378a15c
SHA512

e6a1ae9ac2d736a9f02a70dd2035f2bddd46737678ca769743f4450d67c4ff7ceeffac9f43e8b6fe16c0b0eeeb31b4b45eb7db1d4513dd85ae440294d4a10b9b

Score

8^/10

persistence spyware

Malware Config

Targets

- Target
  
  PO#87324.scr
- Size
  
  689KB
- MD5
  
  561b9a164ba940c40fafca1388cfba6e
- SHA1
  
  de5c90e013c3ec5d65154ce7a06ea5bc81ff6dda
- SHA256
  
  9daff52b5fd16bd2ff808e6b4ba02d6b46e00d27520ffaabdf42e20d1378a15c
- SHA512
  
  e6a1ae9ac2d736a9f02a70dd2035f2bddd46737678ca769743f4450d67c4ff7ceeffac9f43e8b6fe16c0b0eeeb31b4b45eb7db1d4513dd85ae440294d4a10b9b
Score

8^/10

persistence spyware
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespyware

behavioral2

spywarepersistence