5962532a97c0efd1227d42aeddeacf09c0f8c8787e476e650d71ceed4ed52d97 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

order.exe
Size

399KB
Sample

200709-jqcqa63tnj
MD5

d3f4595f210be5a466132637036d72c3
SHA1

980d63586e5116fdcbe87fe4e5914429a96f8655
SHA256

5962532a97c0efd1227d42aeddeacf09c0f8c8787e476e650d71ceed4ed52d97
SHA512

f263c92b4a966c1a5d916ec130a44eb75f87800165a81d9752248eede5f519cad9589e0a597a1249b9c36f2ed0ae0fa6eef445113b86ef934ca19c49b2b392f5

Score

8^/10

evasion persistence spyware trojan

Malware Config

Targets

- Target
  
  order.exe
- Size
  
  399KB
- MD5
  
  d3f4595f210be5a466132637036d72c3
- SHA1
  
  980d63586e5116fdcbe87fe4e5914429a96f8655
- SHA256
  
  5962532a97c0efd1227d42aeddeacf09c0f8c8787e476e650d71ceed4ed52d97
- SHA512
  
  f263c92b4a966c1a5d916ec130a44eb75f87800165a81d9752248eede5f519cad9589e0a597a1249b9c36f2ed0ae0fa6eef445113b86ef934ca19c49b2b392f5
Score

8^/10

evasion trojan spyware persistence
- Adds Run entry to policy start application
  persistence
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

spywarepersistence