Overview

overview

6

Static

static

Payment_details.exe

windows7_x64

6

Payment_details.exe

windows10_x64

6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment_details.exe

  • Size

    1.5MB

  • Sample

    200712-6rgqqndpxa

  • MD5

    936af588ee9f7b4d8a1461fc2d1d3306

  • SHA1

    f3f4b78eb0524e5f63bd94775eba637c2de55360

  • SHA256

    caadaf420eed8a87831e8e3c02a6720272a4de3e3eb08e0a3f35a16837a17383

  • SHA512

    9049e6e2c09810af50092466e64866868c6ce737794891ef97d336fdf61abaad7639633d822342aec1cb1a098ddcb889b5f504f7b20cdf6823af0009733010da

Score
6/10
persistence

Malware Config

Targets

    • Target

      Payment_details.exe

    • Size

      1.5MB

    • MD5

      936af588ee9f7b4d8a1461fc2d1d3306

    • SHA1

      f3f4b78eb0524e5f63bd94775eba637c2de55360

    • SHA256

      caadaf420eed8a87831e8e3c02a6720272a4de3e3eb08e0a3f35a16837a17383

    • SHA512

      9049e6e2c09810af50092466e64866868c6ce737794891ef97d336fdf61abaad7639633d822342aec1cb1a098ddcb889b5f504f7b20cdf6823af0009733010da

    Score
    6/10
    persistence

    • Adds Run entry to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks