General

  • Target

    QUOTATION REQUEST.exe

  • Size

    778KB

  • Sample

    200709-my34eshl2a

  • MD5

    015e37c9dcb9a83bb7045aa470a7ec4c

  • SHA1

    5aadda4277223ab858902db9c27fa1167518e968

  • SHA256

    c2dc84d69a583c5a9f37109f1c2066af3eca496a1aabb2589c5918a1ca3cb1d7

  • SHA512

    6e6a512e045c5540fcf4ec9133c43ed18c873d6c3e64f268f29e99b9020893cb3ad532476c660f68b05ba14698e0e17f3c130b3cb2b7897ac325b6343f63d11b

Score
8/10

Malware Config

Targets

    • Target

      QUOTATION REQUEST.exe

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks