a18b885844b376266798c1c4bca2f092a4954fb05c0eda63390a41891eaf4006 | Triage

Sharing

General

Target

_P07465535534.rar
Size

347KB
Sample

210423-lhmsjq6tgj
MD5

a2d3f48afaac8693c4923de6041ec9a0
SHA1

e782e128bfcc3df1859c06ec60a87587be607a3a
SHA256

a18b885844b376266798c1c4bca2f092a4954fb05c0eda63390a41891eaf4006
SHA512

d348b77588e8e8237e03d62a01757ddb20bba34e4be2571f42540b6a7809181e99b8665b5f714eb3a61ea7e670990db18a6d332aec7cb0f6731864887cb2774c

Score

7^/10

persistence spyware stealer

Malware Config

Targets

- Target
  
  P07465535534.exe
- Size
  
  425KB
- MD5
  
  cc3d70499f858056b3eb4aadbca22b90
- SHA1
  
  229b70fbddb9d3de9f42b241b30333141d5710da
- SHA256
  
  2f2bfbeae9af039db61d3b9f9adef3b5c0a1ef9635cc80510cac0d87f9aade00
- SHA512
  
  016fe9a10b8c87c028b05d9fb772505514f55af1138932a2cf7a9e7306ed148107ac509ae63bcf2ea72a2d5a7d941b4a530ec6511262d48dc90d049561a3e629
Score

7^/10

persistence spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealer

behavioral2

persistencespywarestealer