General

  • Target

    Specifications_Details_20330_FLQ.lzh

  • Size

    624KB

  • Sample

    210721-6qbj4hkqge

  • MD5

    9f47d7fecb4794c475db8c10e2dfb22f

  • SHA1

    c508bc265b17c20866bd73c16136bd4dd5cd2d1e

  • SHA256

    ebee6aa23581694ef24a432fd0e09a5b150e9238f973ec62d182d6ca8c0b07e9

  • SHA512

    edd80ba2984e4d8e014a009d44c0e91b167f96f65a0bdd0271f1e881f4440777923bf4ec0fdb9ae0cf7369b87f79e3aa33864a82345852aecb04efecf67b32bf

Malware Config

Targets

    • Target

      Specifications_Details_20330_FLQ.exe

    • Size

      799KB

    • MD5

      edbb2066fd9539e279bf48077b755a40

    • SHA1

      f914783d5d5aeeb95eda30a8c456624e471108a2

    • SHA256

      41f206a7e8b3c15642e6cfad479ae3f0972b82e57ec46a5ffd31e51954a81c6c

    • SHA512

      8c9fa977b79afbbe9a49f0bb3ee93479f4bb4b44211fac8c87beae2e8ca917c0c3be783ce6a0d1e268bf92b2ddd893454a86d13c95a732896206429e5cc98862

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Adds Run key to start application

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks