53a076f12f6d31f5d0ddbb7a9c061dfd29516342b0102504f60341e363636eb8 | Triage

Sharing

General

Target

NEW_PURC.EXE
Size

403KB
Sample

200709-f16zfb9nqn
MD5

b5b940f3a5c44f7c568f55e711bd4e22
SHA1

4b81fd2ae56891dd623dd18bdb1bac1627f720da
SHA256

53a076f12f6d31f5d0ddbb7a9c061dfd29516342b0102504f60341e363636eb8
SHA512

ee4c712e7448c73e78880a20637feb4f39365e5b57faae981802ed5a878811e973becc6626a6ae18784d646a8049fff17498f29c0a5d971e6b524e3f2fec1e72

Score

7^/10

spyware

Malware Config

Targets

- Target
  
  NEW_PURC.EXE
- Size
  
  403KB
- MD5
  
  b5b940f3a5c44f7c568f55e711bd4e22
- SHA1
  
  4b81fd2ae56891dd623dd18bdb1bac1627f720da
- SHA256
  
  53a076f12f6d31f5d0ddbb7a9c061dfd29516342b0102504f60341e363636eb8
- SHA512
  
  ee4c712e7448c73e78880a20637feb4f39365e5b57faae981802ed5a878811e973becc6626a6ae18784d646a8049fff17498f29c0a5d971e6b524e3f2fec1e72
Score

7^/10

spyware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2