Analysis

  • max time kernel
    143s
  • max time network
    146s
  • platform
    windows10_x64
  • resource
    win10
  • submitted
    09-07-2020 12:04

General

  • Target

    42f147f01293f910a3424cb8f1ec718e.exe

  • Size

    293KB

  • MD5

    42f147f01293f910a3424cb8f1ec718e

  • SHA1

    f03c87476618c88412865291e38c19572f360987

  • SHA256

    5a4f664ec25252863eb4bd01793b93af16849a7784863115a1b1e0ff7aaa5f0f

  • SHA512

    a397fbaab2dee2a4020f7bc82f5f0dfcadc4200a021de5b03fa65305c58be9f3161015ebea105b753486aec6633bc3466ff131c99a445e124eaf958422a0f08b

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    paoksik@yandex.com
  • Password:
    5JHG67#$v1

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\42f147f01293f910a3424cb8f1ec718e.exe
    "C:\Users\Admin\AppData\Local\Temp\42f147f01293f910a3424cb8f1ec718e.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious behavior: EnumeratesProcesses
    PID:2920

Network

MITRE ATT&CK Matrix ATT&CK v6

Credential Access

Credentials in Files

3
T1081

Collection

Data from Local System

3
T1005

Replay Monitor

Loading Replay Monitor...

Downloads