90d5792fd0a2ab859f120bef8f12a28c8f7e4119a43054c22db57e76c7b386a0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Payment_details.exe
Size

1.5MB
Sample

200710-q25whwh2xs
MD5

c0418cf3c3252f74c1fb01e273c1fb12
SHA1

0dda517deda93a3fd0657284857d001ad8572d43
SHA256

90d5792fd0a2ab859f120bef8f12a28c8f7e4119a43054c22db57e76c7b386a0
SHA512

4f4ef54cc3380234330c8962cc97913782dac7bd948e50a32501c84d493ff923796ac1822b6e5ba0465f0903f4d221af0fb9bf92595165df78f68937158cd1bc

Score

7^/10

persistence spyware

Malware Config

Targets

- Target
  
  Payment_details.exe
- Size
  
  1.5MB
- MD5
  
  c0418cf3c3252f74c1fb01e273c1fb12
- SHA1
  
  0dda517deda93a3fd0657284857d001ad8572d43
- SHA256
  
  90d5792fd0a2ab859f120bef8f12a28c8f7e4119a43054c22db57e76c7b386a0
- SHA512
  
  4f4ef54cc3380234330c8962cc97913782dac7bd948e50a32501c84d493ff923796ac1822b6e5ba0465f0903f4d221af0fb9bf92595165df78f68937158cd1bc
Score

7^/10

persistence spyware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespyware

behavioral2