General

  • Target

    customers_dhl_form.exe

  • Size

    601KB

  • Sample

    200710-4xecwzzx1a

  • MD5

    9e610f42413bbf1704d725c71def3c99

  • SHA1

    36d6f7604fd112dbeabc0d07ec64d1957d2245af

  • SHA256

    b633c0e44bd60afbcf59a3802cf2703b1604eae7666c411e08ba2a6b31edcbda

  • SHA512

    4658a2716940ff455b4e02dbffefb598b9c8af6a90edcad383bad5527f43ad5afabc17b4a0544d1bc2fc4de9679656ac30c46d2f8ecd273c73c6accd15d82cd7

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, and infostealers often target that data.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks