Overview

overview

8

Static

static

Booking Co...DF.exe

windows7_x64

8

Booking Co...DF.exe

windows10_x64

8

Resubmissions

07-07-2022 07:38

220707-jgwxasfbgj 10

06-11-2020 17:38

201106-dv6jg3j51e 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Booking Confirmation 110492024951 - copy - PDF.exe

  • Size

    783KB

  • Sample

    201106-dv6jg3j51e

  • MD5

    f867516ec5e600fb4af968c71b9a2a80

  • SHA1

    701970eb6a98cbc8661562155796f0491cf36efe

  • SHA256

    84e2088ea38d600fd562925b840117483cf4683573e92106c23c19bdfae2f878

  • SHA512

    d694a4898a7bca9aa1f9bfa20ca38c2768a608afc80b8dfa9a7bbbdc0740f7bab7514813530cec3ea66ce2b89cb916fcbbc94214d4859b8c98742e08ef486c41

Score
8/10
persistencespyware

Malware Config

Targets

    • Target

      Booking Confirmation 110492024951 - copy - PDF.exe

    • Size

      783KB

    • MD5

      f867516ec5e600fb4af968c71b9a2a80

    • SHA1

      701970eb6a98cbc8661562155796f0491cf36efe

    • SHA256

      84e2088ea38d600fd562925b840117483cf4683573e92106c23c19bdfae2f878

    • SHA512

      d694a4898a7bca9aa1f9bfa20ca38c2768a608afc80b8dfa9a7bbbdc0740f7bab7514813530cec3ea66ce2b89cb916fcbbc94214d4859b8c98742e08ef486c41

    Score
    8/10
    persistencespyware

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks