5e7286a6c92ed2e7d83789a1e1e71e0e051fa0fbb47ff3767b787c86e1fec49c | Triage

Submit
Reports

Overview

overview

8

Static

static

12.07.rtf

windows7_x64

8

12.07.rtf

windows10_x64

1

Sharing

General

Target

12.07.rtf
Size

653KB
Sample

200712-d8wzg6lqgn
MD5

333d571e448686dd17da1d47546e4aab
SHA1

03ddb8e0550dd9e5e01b8560a199ab344b55d744
SHA256

5e7286a6c92ed2e7d83789a1e1e71e0e051fa0fbb47ff3767b787c86e1fec49c
SHA512

16f0a5242fc2ab83fc96e0ef1a04cd385753cdf0b0c668495226b43a77135f1ec113e537acf7413a750e0196b7dedec071449a4eaae2222f6f852f57f9431fd3

Score

8^/10

evasion persistence spyware trojan

Static task

static1

Behavioral task

behavioral1

Sample

12.07.rtf

Resource

win7

evasion trojan persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

12.07.rtf

Resource

win10v200430

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  12.07.rtf
- Size
  
  653KB
- MD5
  
  333d571e448686dd17da1d47546e4aab
- SHA1
  
  03ddb8e0550dd9e5e01b8560a199ab344b55d744
- SHA256
  
  5e7286a6c92ed2e7d83789a1e1e71e0e051fa0fbb47ff3767b787c86e1fec49c
- SHA512
  
  16f0a5242fc2ab83fc96e0ef1a04cd385753cdf0b0c668495226b43a77135f1ec113e537acf7413a750e0196b7dedec071449a4eaae2222f6f852f57f9431fd3
Score

8^/10

evasion trojan persistence spyware
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Modifies system certificate store
  evasion spyware trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasiontrojanpersistencespyware

behavioral2

© 2018-2024

Terms | Privacy