9ec02e66bd6ee97553eea72fc2172245c0d2ce8e18b005a6d431e447a22cbe7a | Triage

Submit
Reports

Overview

overview

8

Static

static

Test1

windows7_x64

8

Sharing

General

Target

main.file.rtf.zip
Size

296KB
Sample

201105-xjdfkx95za
MD5

c293474a5d69cbaf96817ef28c76af9d
SHA1

78ea8caceccccca7b9ad8a784065a0470b3c0a1d
SHA256

9ec02e66bd6ee97553eea72fc2172245c0d2ce8e18b005a6d431e447a22cbe7a
SHA512

03a914f80f6c7ff9cb4ed34f5ab83939456fe18604886025368e2b449703f822eabcc2be59b5ac1530f35f86565ec689e910c9ff40a652e9df99262f7352e357

Score

8^/10

discovery persistence spyware

Static task

static1

Behavioral task

behavioral1

Sample

main.file.rtf

Resource

win7v20201028

discovery persistence spyware

windows7_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  main.file.rtf
- Size
  
  675KB
- MD5
  
  91c96924f79fe35471bf3a910e5b50d8
- SHA1
  
  209edea3cc34d3b65240a5a6e8c969287efae79c
- SHA256
  
  e3be9192477e43ad94b16f4c0a9775adf9019172c0c89712907a8f9a1680100c
- SHA512
  
  bbacbf2de97b05c25762e94afbdcba550f0e0e2b5e794526344a8e31b0e7dc988049eac686a247b1002d06f1e4e083c84cd348e07848b979f2615682ea3af72a
Score

8^/10

discovery persistence spyware
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Exploitation for Client Execution

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistencespyware

© 2018-2024

Terms | Privacy