Overview

overview

8

Static

static

INV2020071...O.xlsx

windows7_x64

8

INV2020071...O.xlsx

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    INV20200716CATALOG_DESIGN_PO.xlsx

  • Size

    14KB

  • Sample

    200716-ep3a1x3d6s

  • MD5

    9a8024a499fbd0528ce3a41f641225b4

  • SHA1

    ee2d4450412bb4092d62168a43a4e66a8eae4e8a

  • SHA256

    dc58e47ae7ee4c62f5733e94de8e157de3cb6b3b21f013ea1fc6d923f47a6e69

  • SHA512

    37e3f683a4a15e6c5b7d1310685c785e05475d31bba592ef8b65fdc54095b51e2698082c9d8bc09910f368e1b2f3ad0df8bd167eabdf8b0b85122ff8e94dea06

Score
8/10
spyware

Malware Config

Targets

    • Target

      INV20200716CATALOG_DESIGN_PO.xlsx

    • Size

      14KB

    • MD5

      9a8024a499fbd0528ce3a41f641225b4

    • SHA1

      ee2d4450412bb4092d62168a43a4e66a8eae4e8a

    • SHA256

      dc58e47ae7ee4c62f5733e94de8e157de3cb6b3b21f013ea1fc6d923f47a6e69

    • SHA512

      37e3f683a4a15e6c5b7d1310685c785e05475d31bba592ef8b65fdc54095b51e2698082c9d8bc09910f368e1b2f3ad0df8bd167eabdf8b0b85122ff8e94dea06

    Score
    8/10
    spyware

    • Blacklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks