ce2644d2d9973ab0a3004942cef2d74d210882bea29d8b698c7af02d308b289e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

L3PRj.dat.exe
Size

836KB
Sample

200714-npa21xm2xs
MD5

3c0d0301f6db7f6aee371c163349838c
SHA1

1d0bd91e8fc2e6fb8bdefde8a315193d3d6b03e5
SHA256

ce2644d2d9973ab0a3004942cef2d74d210882bea29d8b698c7af02d308b289e
SHA512

ddc3a72b0fd14956ba7e37c67e632669768b22ed946af65cbe9647f67f3b48f4c795ec5dd5c7bf4cdb180abd41d20d2a6ccc8aa38d7680c1af3c93c9ce4abbfb

Score

8^/10

discovery persistence spyware

Malware Config

Targets

- Target
  
  L3PRj.dat.exe
- Size
  
  836KB
- MD5
  
  3c0d0301f6db7f6aee371c163349838c
- SHA1
  
  1d0bd91e8fc2e6fb8bdefde8a315193d3d6b03e5
- SHA256
  
  ce2644d2d9973ab0a3004942cef2d74d210882bea29d8b698c7af02d308b289e
- SHA512
  
  ddc3a72b0fd14956ba7e37c67e632669768b22ed946af65cbe9647f67f3b48f4c795ec5dd5c7bf4cdb180abd41d20d2a6ccc8aa38d7680c1af3c93c9ce4abbfb
Score

8^/10

persistence spyware discovery
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarediscovery

behavioral2

spywarediscoverypersistence