dea3774e5c5ae207131be64dec69219c8e0274ee90efc6914ceaedf551f255c6 | Triage

Submit
Reports

Overview

overview

8

Static

static

UNGO PAYME...OC.exe

windows7_x64

8

UNGO PAYME...OC.exe

windows10_x64

8

Sharing

General

Target

UNGO PAYMENT FORM08656049_DOC.exe
Size

831KB
Sample

200709-s7c1ec7wes
MD5

5310d3ed86e4e68a0d657ed3bb30acd5
SHA1

a4d46ab83ac7e30492b061e4ac95b9f5dd2e8905
SHA256

dea3774e5c5ae207131be64dec69219c8e0274ee90efc6914ceaedf551f255c6
SHA512

1768202776abb2bfccc2efcaa1024c46ca20f83d3e87fdb9739c03f838ff48df52241134fdd68376c8fe644492271d3f6366edff6ae9c3fb848cb593a0145dce

Score

8^/10

evasion persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

UNGO PAYMENT FORM08656049_DOC.exe

Resource

win7v200430

evasion trojan persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

UNGO PAYMENT FORM08656049_DOC.exe

Resource

win10

persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  UNGO PAYMENT FORM08656049_DOC.exe
- Size
  
  831KB
- MD5
  
  5310d3ed86e4e68a0d657ed3bb30acd5
- SHA1
  
  a4d46ab83ac7e30492b061e4ac95b9f5dd2e8905
- SHA256
  
  dea3774e5c5ae207131be64dec69219c8e0274ee90efc6914ceaedf551f255c6
- SHA512
  
  1768202776abb2bfccc2efcaa1024c46ca20f83d3e87fdb9739c03f838ff48df52241134fdd68376c8fe644492271d3f6366edff6ae9c3fb848cb593a0145dce
Score

8^/10

evasion trojan persistence spyware
- Adds Run entry to policy start application
  persistence
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasiontrojanpersistencespyware

behavioral2

persistencespyware

© 2018-2024

Terms | Privacy