General

  • Target

    PO#11-001201204.exe

  • Size

    723KB

  • Sample

    210113-5slxqhya1n

  • MD5

    fa8f61df214d938ee062bc1b3da2af67

  • SHA1

    9a550661068db7466805a5d52499ceedd43cbe13

  • SHA256

    5b5c477150b5e78d97d53f6fe9e306fe51f795d044a82ac11490bc25fda4d432

  • SHA512

    8cee828d6d83bcac146f56ba7c74c7ddc50384df0c566b2af97eabdd1828dcfb043e902aab166042f0397c535a37c4cd675b3459b9cac1ef8ecfad28c47727a7

Score
7/10

Targets

    • Target

      PO#11-001201204.exe

    Score
    7/10
    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla, which keeps saved server credentials on disk (sitemanager.xml and recentservers.xml under the user's AppData\Roaming\FileZilla directory).

    • Reads user/profile data of local email clients

      Email clients keep account settings, saved passwords and message stores on disk, and infostealers often target these files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved logins, cookies and autofill entries.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state, including its instruction pointer. Malware uses it to redirect a suspended thread into injected code, as in process hollowing.

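The four signatures above can be reproduced from a sandbox's file-access and API-call traces. The following is an added example of that triage logic, not code from this report or from the sandbox; the file paths, process IDs and API call sequence it runs over are constructed for illustration, and the credential-store locations (FileZilla, Thunderbird, Outlook, Chrome, Firefox defaults) are the well-known ones rather than anything observed in this sample.

```python
"""Re-derive the report's signatures from constructed sandbox traces.

classify_file_access() maps a file path to the infostealer signature it
triggers; detect_hollowing() spots the CREATE_SUSPENDED + WriteProcessMemory
+ SetThreadContext + ResumeThread chain behind "Suspicious use of
SetThreadContext".  Added example, not part of the original report.
"""
import re
from collections import defaultdict

# Credential stores that infostealers read, keyed by the report's signature
# names.  Patterns are matched case-insensitively against a backslash-
# normalised path, so they are written in lowercase.
CREDENTIAL_STORES = {
    "Reads data files stored by FTP clients": [
        r"\\filezilla\\(sitemanager|recentservers|filezilla)\.xml$",
    ],
    "Reads user/profile data of local email clients": [
        r"\\thunderbird\\profiles\\.*\\(logins\.json|key4\.db)$",
        r"\\microsoft\\outlook\\.*\.(pst|ost)$",
    ],
    "Reads user/profile data of web browsers": [
        r"\\google\\chrome\\user data\\.*\\(login data|cookies|web data)$",
        r"\\mozilla\\firefox\\profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$",
    ],
}

# Order of calls, by the injecting process, that makes up process hollowing.
HOLLOWING_SEQUENCE = ["CreateProcessW", "WriteProcessMemory",
                      "SetThreadContext", "ResumeThread"]
CREATE_SUSPENDED = 0x4  # dwCreationFlags bit passed to CreateProcessW


def classify_file_access(path):
    """Return the signature name a file path triggers, or None."""
    norm = path.replace("/", "\\").lower()
    for signature, patterns in CREDENTIAL_STORES.items():
        if any(re.search(pat, norm) for pat in patterns):
            return signature
    return None


def detect_hollowing(calls):
    """calls: chronological (caller_pid, api_name, flags) tuples.

    Tracks each calling process through HOLLOWING_SEQUENCE and returns the
    pids in which the full chain completed.  CreateProcessW only counts when
    the child was created suspended; an isolated SetThreadContext never
    completes the chain on its own.
    """
    progress = defaultdict(int)  # pid -> index of the next expected API
    hits = []
    for pid, api, flags in calls:
        if api != HOLLOWING_SEQUENCE[progress[pid]]:
            continue
        if api == "CreateProcessW" and not flags & CREATE_SUSPENDED:
            continue
        progress[pid] += 1
        if progress[pid] == len(HOLLOWING_SEQUENCE):
            hits.append(pid)
            progress[pid] = 0
    return hits


def triage(file_events, api_calls):
    """Combine both checks into the signature -> evidence map a report shows."""
    findings = defaultdict(list)
    for path in file_events:
        signature = classify_file_access(path)
        if signature:
            findings[signature].append(path)
    for pid in detect_hollowing(api_calls):
        findings["Suspicious use of SetThreadContext"].append(
            f"pid {pid}: suspended child, WriteProcessMemory, "
            f"SetThreadContext, ResumeThread")
    return dict(findings)


# Constructed sample traces (not from the analysed sample).
SAMPLE_FILE_EVENTS = [
    r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml",
    r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abc123.default\logins.json",
    r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies",
    r"C:\Users\victim\Documents\invoice.docx",  # benign, must not match
]
SAMPLE_API_TRACE = [
    (1000, "CreateProcessW", CREATE_SUSPENDED),
    (1000, "NtUnmapViewOfSection", 0),  # extra call between steps is fine
    (1000, "WriteProcessMemory", 0),
    (1000, "SetThreadContext", 0),
    (1000, "ResumeThread", 0),
    (2000, "CreateProcessW", 0),        # ordinary child, not suspended
    (2000, "SetThreadContext", 0),      # alone: no hollowing chain
]

if __name__ == "__main__":
    for signature, evidence in triage(SAMPLE_FILE_EVENTS, SAMPLE_API_TRACE).items():
        print(signature)
        for item in evidence:
            print("   ", item)
```

Matching is done on the tail of the path so that Chrome's newer `Network\Cookies` location and per-profile directories are covered without hard-coding profile names; extend CREDENTIAL_STORES with further clients as needed.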
MITRE ATT&CK Enterprise v6

Tasks