5c0b94de79ed0aecb92dabe4a6904eae55797d7296c40f21ada935ccac38e0c4 | Triage

Sharing

General

Target

send the quotation please.exe
Size

538KB
Sample

200709-ekbwfal736
MD5

725b624537a6fa7d5240a803c8c96fda
SHA1

eb3dffff34cd7541128fcf77b6d6f3484d988133
SHA256

5c0b94de79ed0aecb92dabe4a6904eae55797d7296c40f21ada935ccac38e0c4
SHA512

fbd28adc6003879d14915410fd9d3b3c7d08f272e57b504a77646c252c0c72157764a6dfcbf63385aa362de0ebcbe41882dd80cce28a7d53c852e30275e3f6e7

Score

7^/10

persistence spyware

Malware Config

Targets

- Target
  
  send the quotation please.exe
- Size
  
  538KB
- MD5
  
  725b624537a6fa7d5240a803c8c96fda
- SHA1
  
  eb3dffff34cd7541128fcf77b6d6f3484d988133
- SHA256
  
  5c0b94de79ed0aecb92dabe4a6904eae55797d7296c40f21ada935ccac38e0c4
- SHA512
  
  fbd28adc6003879d14915410fd9d3b3c7d08f272e57b504a77646c252c0c72157764a6dfcbf63385aa362de0ebcbe41882dd80cce28a7d53c852e30275e3f6e7
Score

7^/10

persistence spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespyware

behavioral2

persistencespyware