Overview

overview

7

Static

static

Shipment N...11.exe

windows7_x64

7

Shipment N...11.exe

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Shipment Number -  6183111.exe

  • Size

    367KB

  • Sample

    200711-szcfmjxyrs

  • MD5

    4edc409cff67d97a3c7d27f608f01946

  • SHA1

    b12d5bb5a2a0b6605e1ab1321dff0d096c8cc2a8

  • SHA256

    62c097a914ab8991bde3355d8ab837c3d3e0421b67f7768b5ad1ec70226b7208

  • SHA512

    02731cd61f3b06b02ddd5f3f80d2f37939bc05acd7156fc557701bc91a97ba463abe51ba99d08a3360e685ba38e0c16ae8ceda44c8fabf3944826c1208d6d9e2

Score
7/10
spyware

Malware Config

Targets

    • Target

      Shipment Number -  6183111.exe

    • Size

      367KB

    • MD5

      4edc409cff67d97a3c7d27f608f01946

    • SHA1

      b12d5bb5a2a0b6605e1ab1321dff0d096c8cc2a8

    • SHA256

      62c097a914ab8991bde3355d8ab837c3d3e0421b67f7768b5ad1ec70226b7208

    • SHA512

      02731cd61f3b06b02ddd5f3f80d2f37939bc05acd7156fc557701bc91a97ba463abe51ba99d08a3360e685ba38e0c16ae8ceda44c8fabf3944826c1208d6d9e2

    Score
    7/10
    spyware

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks