82a761b4157d1fa4e99dbf36c0f30935b19a1dd9875e330d81a70877aa07bc8a | Triage

Sharing

General

Target

FedExs AWB#5305323204643.exe
Size

327KB
Sample

200710-3l3dvmv5j6
MD5

4d535bf4723300864190a972b1d4f9ad
SHA1

eeb49ecc3842af963b1ab9eb017c5d672ea7fb37
SHA256

82a761b4157d1fa4e99dbf36c0f30935b19a1dd9875e330d81a70877aa07bc8a
SHA512

7991bcb4756e291d3618db2e1010a763bf3227e4015d160d9fd122d1ad401d67dc8cd1884dbf4f2853a29ceab1dd277e9c1b1526b941554586af608ba53c5f0b

Score

8^/10

evasion persistence spyware trojan

Malware Config

Targets

- Target
  
  FedExs AWB#5305323204643.exe
- Size
  
  327KB
- MD5
  
  4d535bf4723300864190a972b1d4f9ad
- SHA1
  
  eeb49ecc3842af963b1ab9eb017c5d672ea7fb37
- SHA256
  
  82a761b4157d1fa4e99dbf36c0f30935b19a1dd9875e330d81a70877aa07bc8a
- SHA512
  
  7991bcb4756e291d3618db2e1010a763bf3227e4015d160d9fd122d1ad401d67dc8cd1884dbf4f2853a29ceab1dd277e9c1b1526b941554586af608ba53c5f0b
Score

8^/10

spyware evasion trojan persistence
- Adds Run entry to policy start application
  persistence
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

spywareevasiontrojanpersistence

behavioral2