c21af7bb95c19c612a239b33474ff9167efe84e3ae69b9b727b75401e2e81670 | Triage

Sharing

General

Target

IMG_2021_01_13_1_RFQ_PO_1832938.exe
Size

976KB
Sample

210113-cpbtfm3p4j
MD5

c82ca6c32016c3867edf5263e33687f8
SHA1

c5383fca92bf718c78c77b754572a072e767e106
SHA256

c21af7bb95c19c612a239b33474ff9167efe84e3ae69b9b727b75401e2e81670
SHA512

a8db5ebdb181eb706c56c7051a16b61ae0e7123126bc5f5ebf2b8eaf36da9c263fa710a73324d2d20c1d61cf063aa9444d7d75fe06f2162f24a65123693a45ff

Score

7^/10

spyware

Malware Config

Targets

- Target
  
  IMG_2021_01_13_1_RFQ_PO_1832938.exe
- Size
  
  976KB
- MD5
  
  c82ca6c32016c3867edf5263e33687f8
- SHA1
  
  c5383fca92bf718c78c77b754572a072e767e106
- SHA256
  
  c21af7bb95c19c612a239b33474ff9167efe84e3ae69b9b727b75401e2e81670
- SHA512
  
  a8db5ebdb181eb706c56c7051a16b61ae0e7123126bc5f5ebf2b8eaf36da9c263fa710a73324d2d20c1d61cf063aa9444d7d75fe06f2162f24a65123693a45ff
Score

7^/10

spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2