Overview

overview

8

Static

static

invoice.exe

windows7_x64

8

invoice.exe

windows10_x64

8

Resubmissions

15-01-2021 12:26

210115-a3nn9s19sj 8

13-01-2021 13:59

210113-3yvrvt2h76 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    invoice.exe

  • Size

    605KB

  • Sample

    210115-a3nn9s19sj

  • MD5

    9d1c09ccad422151959b7f47a88e70bf

  • SHA1

    5766569901c1a6c583f3dbde63b6971ecbe7b129

  • SHA256

    514a2e1ebfc231e3bd8275f2f51023e418deeb2aeda808dd35e8317424370a30

  • SHA512

    bd5e2693d8aa553225479010a1f78c1643478ca8a83139faefa68aae353dd8e92d084436d0a7c259f00d1564d8a0d302a808cbd6c43ed0cb6f669df1e49cbbd7

Score
8/10
spyware

Malware Config

Targets

    • Target

      invoice.exe

    • Size

      605KB

    • MD5

      9d1c09ccad422151959b7f47a88e70bf

    • SHA1

      5766569901c1a6c583f3dbde63b6971ecbe7b129

    • SHA256

      514a2e1ebfc231e3bd8275f2f51023e418deeb2aeda808dd35e8317424370a30

    • SHA512

      bd5e2693d8aa553225479010a1f78c1643478ca8a83139faefa68aae353dd8e92d084436d0a7c259f00d1564d8a0d302a808cbd6c43ed0cb6f669df1e49cbbd7

    Score
    8/10
    spyware

    • Drops file in Drivers directory

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spyware

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks