Overview

overview

8

Static

static

fletë pagese.exe

windows7_x64

8

fletë pagese.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fletë pagese.exe

  • Size

    649KB

  • Sample

    200709-dn2kzzabbe

  • MD5

    f536c98ef869e3a9d1d6776edbee76b1

  • SHA1

    0876c67101f3f146e293199971596a5b47123a4c

  • SHA256

    7f261df83598926b168c3515bde5a345dba7828d5bcbdedff5fc55cd16ec23a8

  • SHA512

    b26ab3b4c4d0117cca7e38f0e4b0d3f530888b776cf7b6f0e2fabb48af632ca678a509211e8797c928429071abf1b7667f2174a2aaacdf71bdd2a755650b11ae

Score
8/10
evasionpersistencespywaretrojan

Malware Config

Targets

    • Target

      fletë pagese.exe

    • Size

      649KB

    • MD5

      f536c98ef869e3a9d1d6776edbee76b1

    • SHA1

      0876c67101f3f146e293199971596a5b47123a4c

    • SHA256

      7f261df83598926b168c3515bde5a345dba7828d5bcbdedff5fc55cd16ec23a8

    • SHA512

      b26ab3b4c4d0117cca7e38f0e4b0d3f530888b776cf7b6f0e2fabb48af632ca678a509211e8797c928429071abf1b7667f2174a2aaacdf71bdd2a755650b11ae

    Score
    8/10
    persistencespywareevasiontrojan

    • Adds Run entry to policy start application

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks