Overview

overview

10

Static

static

PO#7A68D20.exe

windows7_x64

10

PO#7A68D20.exe

windows10_x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    PO#7A68D20.exe

  • Size

    769KB

  • Sample

    200709-5xnyftkdre

  • MD5

    5c777e4901a8f4175342bca7978ee3d5

  • SHA1

    ebc2a18781d087ed9fd7e43467f0da354c17d8c3

  • SHA256

    b54934cb8e1ff68d2c4306e5a6eb0f9e649ad1680960253c0cfa0c35a6c4d313

  • SHA512

    1113200c02673171d0e1ff8b9d049deea3a23c9e64f9ad211b0f99a5d8876f590a89e0fb6a57a32d90d686c2aa76df3bc496ac09e2ad8dec8750d11593947720

Score
10/10
persistencespyware

Malware Config

Targets

    • Target

      PO#7A68D20.exe

    • Size

      769KB

    • MD5

      5c777e4901a8f4175342bca7978ee3d5

    • SHA1

      ebc2a18781d087ed9fd7e43467f0da354c17d8c3

    • SHA256

      b54934cb8e1ff68d2c4306e5a6eb0f9e649ad1680960253c0cfa0c35a6c4d313

    • SHA512

      1113200c02673171d0e1ff8b9d049deea3a23c9e64f9ad211b0f99a5d8876f590a89e0fb6a57a32d90d686c2aa76df3bc496ac09e2ad8dec8750d11593947720

    Score
    10/10
    spywarepersistence

    • Modifies system executable filetype association

      persistence

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks