77867995d1e8388230c9f71fee5e835b346bfcfef3fde418c6a773eea11b4afd | Triage

Sharing

General

Target

eTPiv.exe
Size

941KB
Sample

200708-nhxxn33t3e
MD5

c126b47388c127334162f17ab4e0cb2c
SHA1

d74b2309be4af77691bd424ea8ab5055af89e587
SHA256

77867995d1e8388230c9f71fee5e835b346bfcfef3fde418c6a773eea11b4afd
SHA512

7abdf106235dfe7311bcc1a1d847a2b4c9223aa3e59c59c486c4cb310e535de71b3680c937695210be0013c7158aaca97e2e664bb89a8dd5c7306a6cf1c9537a

Score

8^/10

discovery persistence spyware

Malware Config

Targets

- Target
  
  eTPiv.exe
- Size
  
  941KB
- MD5
  
  c126b47388c127334162f17ab4e0cb2c
- SHA1
  
  d74b2309be4af77691bd424ea8ab5055af89e587
- SHA256
  
  77867995d1e8388230c9f71fee5e835b346bfcfef3fde418c6a773eea11b4afd
- SHA512
  
  7abdf106235dfe7311bcc1a1d847a2b4c9223aa3e59c59c486c4cb310e535de71b3680c937695210be0013c7158aaca97e2e664bb89a8dd5c7306a6cf1c9537a
Score

8^/10

persistence spyware discovery
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Checks for installed software on the system
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarediscovery

behavioral2

persistencespywarediscovery