General

  • Target

    Shipping Document PL&BL Draft.exe

  • Size

    730KB

  • Sample

    200713-fwgf9bcx2n

  • MD5

    bfefe46f1d547f9da51fc00409829a09

  • SHA1

    51e84e711f2191d138c14aa4b421aff54cc2042f

  • SHA256

    5d6d79cf8e947dbd356240026f305d09c23e61990bf0302d9020d7fa935254ae

  • SHA512

    c46de0c92a2734f6f829a519c52350887111e43b2b63deaf2f706c92752361252fa43aba99a092502816d6b8fa967316e7b5ca6397fcae2c4c572a4b933491eb

Score
7/10

Malware Config

Targets

    • Target

      Shipping Document PL&BL Draft.exe

    Score
    7/10
    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other data.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks