General

  • Target

    29fcb7e81428cb4cd932ccaf2ed0f61ef9d47853605c153a6de503d54009f11a

  • Size

    1.3MB

  • Sample

    210118-pfhrgzh6r2

  • MD5

    c05e8d23aee188ef1594e120bcb8a0a7

  • SHA1

    62352e85e273244d1179c1aa554c651ffaed75e3

  • SHA256

    29fcb7e81428cb4cd932ccaf2ed0f61ef9d47853605c153a6de503d54009f11a

  • SHA512

    3ca9dfb9393837c55b03804357ce7e0192c973ea2bf915f0c4c64df6074768458575c6863ee4a83da53e137507918356fc3a4d611a29ca2666b36729cdebd2f6

Score
10/10

Malware Config

Targets

    • Target

      29fcb7e81428cb4cd932ccaf2ed0f61ef9d47853605c153a6de503d54009f11a

    Score: 10/10

    • Modifies system executable filetype association

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique                          Count  ID
  Execution             Scheduled Task                     1      T1053
  Persistence           Change Default File Association    1      T1042
  Persistence           Scheduled Task                     1      T1053
  Privilege Escalation  Scheduled Task                     1      T1053
  Defense Evasion       Modify Registry                    1      T1112
  Credential Access     Credentials in Files               1      T1081
  Collection            Data from Local System             1      T1005

Tasks