Overview

overview

7

Static

static

view page ...id.rtf

windows7_x64

7

view page ...id.rtf

windows10_x64

1

Resubmissions

04-12-2020 23:26

201204-em2p576lje 4

04-12-2020 23:21

201204-djhepqlp7s 7

04-12-2020 23:16

201204-np79pl4zy2 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    view page source hybrid.rtf

  • Size

    46KB

  • Sample

    201204-djhepqlp7s

  • MD5

    4dfa2438ea66e13ccd84afca3c410be4

  • SHA1

    9e131830c70fe743b0625637fa407cad525811f5

  • SHA256

    187441262398983e2bf4672e06325e247537e083f9dcf384762858307cc5c8df

  • SHA512

    218ce0bdbf2011864ea3d7b6b733ceadb8c4f93c180fca371c0fb79b8514843dff30c54b483d17e5b9c3743f347e5761ee3fae3d1c8a0d1e5b18cc76fcff277c

Score
7/10
spyware

Malware Config

Targets

    • Target

      view page source hybrid.rtf

    • Size

      46KB

    • MD5

      4dfa2438ea66e13ccd84afca3c410be4

    • SHA1

      9e131830c70fe743b0625637fa407cad525811f5

    • SHA256

      187441262398983e2bf4672e06325e247537e083f9dcf384762858307cc5c8df

    • SHA512

      218ce0bdbf2011864ea3d7b6b733ceadb8c4f93c180fca371c0fb79b8514843dff30c54b483d17e5b9c3743f347e5761ee3fae3d1c8a0d1e5b18cc76fcff277c

    Score
    7/10
    spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Drops Chrome extension

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks