New PO #0164522433 JAN 2021.exe

General
Target

New PO #0164522433 JAN 2021.exe

Size

1MB

Sample

210113-lj8zgx81h2

Score
7/10
MD5

1cbe8e5ddca661fc3239ffcb3b44b1db

SHA1

1cc2dd369304b5ad81113b06cf7f73c75226cc4e

SHA256

8ca38b4cf8849e7b7d18cc8afdae915c4dedc2f5aaca4b9a4fd57bdfd5e25a25

SHA512

df833315d49687c0910e92c0f0cba2eefde3657d42b5b6ae7ab2929187d9857c4d45dbba9c253897a18c835c69b4dc44a58cb63f4a29757d75f4e893a81ad558

Malware Config
Targets
Target

New PO #0164522433 JAN 2021.exe

Tags

Signatures

  • Suspicious use of SetThreadContext

  • Reads user/profile data of local email clients

    Description

    Email clients store some user data on disk, where infostealers often target it.

    Tags

    TTPs

    Data from Local System; Credentials in Files

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    Tags

    TTPs

    Data from Local System; Credentials in Files

Related Tasks

MITRE ATT&CK Matrix

Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1

5/10

behavioral2

7/10