5bf9c6dd99a8c7ee59efcf09ff2b4ee5b5f51aab9ad91cd2aa0fca4b0ae975ba | Triage

Sharing

General

Target

Doc#162020094753525765344650094480.pdf.exe
Size

4.7MB
Sample

200718-zhn9g88abn
MD5

ffceee8b1fe197a9cac46ae74a66bccd
SHA1

806284efb14a8a27f44eee9564957659eec05282
SHA256

5bf9c6dd99a8c7ee59efcf09ff2b4ee5b5f51aab9ad91cd2aa0fca4b0ae975ba
SHA512

9d1cb0248107409eac2def450ebc99173e67340ee79a6f62c9b8273e318b0c17b53f914f122bb79d02f55af86516852100996c5152b5e15917a6c490c53e7627

Score

8^/10

persistence spyware

Malware Config

Targets

- Target
  
  Doc#162020094753525765344650094480.pdf.exe
- Size
  
  4.7MB
- MD5
  
  ffceee8b1fe197a9cac46ae74a66bccd
- SHA1
  
  806284efb14a8a27f44eee9564957659eec05282
- SHA256
  
  5bf9c6dd99a8c7ee59efcf09ff2b4ee5b5f51aab9ad91cd2aa0fca4b0ae975ba
- SHA512
  
  9d1cb0248107409eac2def450ebc99173e67340ee79a6f62c9b8273e318b0c17b53f914f122bb79d02f55af86516852100996c5152b5e15917a6c490c53e7627
Score

8^/10

persistence spyware
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespyware

behavioral2