597022d4e4794fb02c89a43939d93d1b2b1140e798e355c2a53a8423f19514ad | Triage

Submit
Reports

Overview

overview

7

Static

static

ORDERMOO2#...20.exe

windows7_x64

7

ORDERMOO2#...20.exe

windows10_x64

3

Sharing

General

Target

ORDERMOO2#O2-JULY2020.exe
Size

608KB
Sample

200710-cykwfdn8e6
MD5

a95901fe4c5694369516e46bf7c8b577
SHA1

b8d317bbc7dcc71d520b63f53d0a4b941e0d73d6
SHA256

597022d4e4794fb02c89a43939d93d1b2b1140e798e355c2a53a8423f19514ad
SHA512

e9f16d61a7d9d9ed97429b252523c82a1aa764b1f3d0195ffbe03a3744540c434685539fcf35d0d2e05e3fe69c965245ef2b3a35297c09fec1e3613d0656a5ac

Score

7^/10

persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

ORDERMOO2#O2-JULY2020.exe

Resource

win7v200430

persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ORDERMOO2#O2-JULY2020.exe

Resource

win10

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ORDERMOO2#O2-JULY2020.exe
- Size
  
  608KB
- MD5
  
  a95901fe4c5694369516e46bf7c8b577
- SHA1
  
  b8d317bbc7dcc71d520b63f53d0a4b941e0d73d6
- SHA256
  
  597022d4e4794fb02c89a43939d93d1b2b1140e798e355c2a53a8423f19514ad
- SHA512
  
  e9f16d61a7d9d9ed97429b252523c82a1aa764b1f3d0195ffbe03a3744540c434685539fcf35d0d2e05e3fe69c965245ef2b3a35297c09fec1e3613d0656a5ac
Score

7^/10

persistence spyware
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespyware

behavioral2

© 2018-2024

Terms | Privacy