General

  • Target

    httpbiz9holdings.comINVOICEM.xlsx

  • Size

    14KB

  • Sample

    200708-9kzt9w41ca

  • MD5

    e46baf854751a3373f7c3e2b29795c4b

  • SHA1

    9ab7b5e8212077d63e4e3bba9e11723642ac2d13

  • SHA256

    ba3c7a930968407429cc8e33aa79f4033e1cf2d1597973b6d6cd31b9382cef37

  • SHA512

    a0401ae1b513ff4ccb314bebc77c682c4543a057609d8a724a6161625565de6687e4c04a1d0062684c5ed02a92cfac95960aef872aee900a07f06d4f8cf8828c

Score
8/10

Targets

    • Target

      httpbiz9holdings.comINVOICEM.xlsx

    • Blacklisted process makes network request

      A process on the sandbox's list of commonly abused processes made an outbound network connection during the run.

    • Executes dropped EXE

      An executable written to disk during the run was subsequently launched: the spreadsheet acts as a dropper for a native payload rather than doing its work in the document itself.

    • Loads dropped DLL

      A DLL written to disk during the run was loaded into a process.

    • Reads user/profile data of local email clients

      Email clients store account profiles and stored messages on disk and in the registry (for example Outlook profiles under HKCU), and infostealers routinely target them.

    • Reads user/profile data of web browsers

      Infostealers routinely target stored browser data, which can include saved credentials, cookies and autofill entries.

    • Adds Run entry to start application

      A value was written under a Run key (HKCU or HKLM ...\Software\Microsoft\Windows\CurrentVersion\Run), so the payload is relaunched at every logon.

    • Suspicious use of SetThreadContext

      SetThreadContext on a suspended thread is the usual way to redirect a process into injected code (process hollowing / RunPE), so the dropped payload most likely unpacks itself into another process.
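The signature list above is what a detection engineer would want to turn into checks. The script below is an added example written for this page, not output of the sandbox and not code recovered from the sample. It maps constructed Windows telemetry records (registry writes, registry reads, file reads) onto three of the report's signatures and checks a blob's digests against the report's file hashes. The event schema is an assumption; the registry keys and profile paths are the standard locations those artefacts live in; the sample events are constructed.

```python
"""Added triage helper for the behaviour signatures listed in this report.

Example code written for this page, not sandbox output and not code from the
sample.  Event schema: {"type": registry_set|registry_read|file_read,
"target": key or path} (assumed).  Registry keys and profile paths are the
standard locations for the artefacts each signature names.
"""
import hashlib
import re

# File indicators copied from the report (all three digests are of the same .xlsx).
IOC_HASHES = {
    "md5": "e46baf854751a3373f7c3e2b29795c4b",
    "sha1": "9ab7b5e8212077d63e4e3bba9e11723642ac2d13",
    "sha256": "ba3c7a930968407429cc8e33aa79f4033e1cf2d1597973b6d6cd31b9382cef37",
}

# "Adds Run entry to start application": a value written under Run or RunOnce
# (HKCU or HKLM) is relaunched at logon.
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?\\", re.IGNORECASE)

# "Reads user/profile data of web browsers": Chromium browsers keep saved logins
# and cookies in SQLite files under the profile; Firefox keeps logins.json and
# key4.db under its Profiles directory.
BROWSER_DATA = (
    r"\google\chrome\user data\default\login data",
    r"\google\chrome\user data\default\cookies",
    r"\microsoft\edge\user data\default\login data",
    r"\mozilla\firefox\profiles",
)

# "Reads user/profile data of local email clients": Outlook account profiles
# live in HKCU (two key layouts, depending on Office version); Thunderbird
# keeps its profile on disk under %APPDATA%.
EMAIL_DATA = (
    r"\microsoft\office\16.0\outlook\profiles",
    r"\windows messaging subsystem\profiles",
    r"\thunderbird\profiles",
)


def classify_event(event):
    """Return the names of the report signatures one telemetry event matches."""
    target = event["target"].lower()
    hits = []
    if event["type"] == "registry_set" and RUN_KEY_RE.search(target):
        hits.append("Adds Run entry to start application")
    if event["type"] == "file_read" and any(p in target for p in BROWSER_DATA):
        hits.append("Reads user/profile data of web browsers")
    if event["type"] in ("registry_read", "file_read") and any(p in target for p in EMAIL_DATA):
        hits.append("Reads user/profile data of local email clients")
    return hits


def triage(events):
    """Group the matched targets under each signature name, as evidence."""
    findings = {}
    for event in events:
        for signature in classify_event(event):
            findings.setdefault(signature, []).append(event["target"])
    return findings


def hash_matches_ioc(data):
    """Digest a blob with MD5/SHA-1/SHA-256 and report which page hashes it equals."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {alg: digests[alg] == IOC_HASHES[alg] for alg in IOC_HASHES}


# Constructed sample telemetry, not from the sandbox run.  The benign
# kernel32.dll read must produce no finding.
SAMPLE_EVENTS = [
    {"type": "registry_set",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Update"},
    {"type": "file_read",
     "target": r"C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "registry_read",
     "target": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook"},
    {"type": "file_read", "target": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for signature, targets in sorted(triage(SAMPLE_EVENTS).items()):
        print(signature)
        for t in targets:
            print("   ", t)
    print("hash match:", hash_matches_ioc(b"constructed placeholder bytes"))
```

The matching is deliberately type-aware: a file read of a Run key path is not persistence, and only a registry write under Run/RunOnce counts. The hash check returns all False for the placeholder bytes because the real .xlsx is not on this page; feed it the bytes of a suspect file to compare against the report's digests.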

MITRE ATT&CK Enterprise v6