8c55df1fdc1ac49e2c0a3b5b77bd044d842d2f6e38bd5f782d93853a560140fb | Triage

Submit
Reports

Overview

overview

8

Static

static

MT103 PAYM...DF.exe

windows7_x64

8

MT103 PAYM...DF.exe

windows10_x64

8

Sharing

General

Target

MT103 PAYMENT COPY_PDF.exe
Size

369KB
Sample

200715-yj6w4v912n
MD5

20a2543a7a37a75b93924dd83c03743d
SHA1

dacf53a9ae5c29a1d33fb2bf064ede984a0ad379
SHA256

8c55df1fdc1ac49e2c0a3b5b77bd044d842d2f6e38bd5f782d93853a560140fb
SHA512

3c49d4b09b5510e9a2ea24e75c9bf694a006cd31b9d06546aa08ac369cb8464916c40c7d0db566ef82d4b147e265582f5d081c26f3b6ad9e99f6c792c9be0d10

Score

8^/10

persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

MT103 PAYMENT COPY_PDF.exe

Resource

win7v200430

spyware persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MT103 PAYMENT COPY_PDF.exe

Resource

win10

spyware persistence

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  MT103 PAYMENT COPY_PDF.exe
- Size
  
  369KB
- MD5
  
  20a2543a7a37a75b93924dd83c03743d
- SHA1
  
  dacf53a9ae5c29a1d33fb2bf064ede984a0ad379
- SHA256
  
  8c55df1fdc1ac49e2c0a3b5b77bd044d842d2f6e38bd5f782d93853a560140fb
- SHA512
  
  3c49d4b09b5510e9a2ea24e75c9bf694a006cd31b9d06546aa08ac369cb8464916c40c7d0db566ef82d4b147e265582f5d081c26f3b6ad9e99f6c792c9be0d10
Score

8^/10

spyware persistence
- Adds policy Run key to start application
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

spywarepersistence

behavioral2

spywarepersistence

© 2018-2024

Terms | Privacy