85e27a1781cf4c5207506a5c2a7df47ab4b79186ffeb2fa6665fb4c2bd50f261 | Triage

Sharing

General

Target

PO#54777587657864.bat
Size

552KB
Sample

200712-tknpnph1dn
MD5

91d19d78b995cb707d82b22825351174
SHA1

466c85478cbaac4e0f13cabcb042fce4476b518c
SHA256

85e27a1781cf4c5207506a5c2a7df47ab4b79186ffeb2fa6665fb4c2bd50f261
SHA512

c919d0d0055e5777af728859488a74872024538231d180c8b24c8ca08af30f2faf34475ad16901191aa5cee5e6df50520d862fd526e81656b35a47e717faa3be

Score

7^/10

persistence spyware

Malware Config

Targets

- Target
  
  PO#54777587657864.bat
- Size
  
  552KB
- MD5
  
  91d19d78b995cb707d82b22825351174
- SHA1
  
  466c85478cbaac4e0f13cabcb042fce4476b518c
- SHA256
  
  85e27a1781cf4c5207506a5c2a7df47ab4b79186ffeb2fa6665fb4c2bd50f261
- SHA512
  
  c919d0d0055e5777af728859488a74872024538231d180c8b24c8ca08af30f2faf34475ad16901191aa5cee5e6df50520d862fd526e81656b35a47e717faa3be
Score

7^/10

persistence spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespyware

behavioral2

spywarepersistence