Overview

overview

7

Static

static

Default

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    New PO #0164522433 JAN 2021.gz

  • Size

    628KB

  • Sample

    210114-4s38tnc7xs

  • MD5

    655032e5cfb4f167a08f9ced5cd70353

  • SHA1

    0e0d7ef1aa78f1befa5c9448c40c653081a57dcb

  • SHA256

    81f37df3917ea95216634ff7316e5c4a1378245b90e4418a7ead52a6025939f6

  • SHA512

    5a6c8e9084c0501b72d1dd4dd5fa85b3938c13cd02c5dd5cd16cd85f41c31bc81aaf20cf622fb4d55c419b96c471b3d868982fb202d254b04434bd664e8ceff7

Score
7/10
spyware

Malware Config

Targets

    • Target

      New PO #0164522433 JAN 2021.exe

    • Size

      1.1MB

    • MD5

      1cbe8e5ddca661fc3239ffcb3b44b1db

    • SHA1

      1cc2dd369304b5ad81113b06cf7f73c75226cc4e

    • SHA256

      8ca38b4cf8849e7b7d18cc8afdae915c4dedc2f5aaca4b9a4fd57bdfd5e25a25

    • SHA512

      df833315d49687c0910e92c0f0cba2eefde3657d42b5b6ae7ab2929187d9857c4d45dbba9c253897a18c835c69b4dc44a58cb63f4a29757d75f4e893a81ad558

    Score
    7/10
    spyware

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks