Overview

overview

10

Static

static

8

text.txt ... .scr

windows7_x64

10

text.txt ... .scr

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    text.zip

  • Size

    28KB

  • Sample

    210727-frc7pe2pp6

  • MD5

    7b591118d686c2af9b70d56014017311

  • SHA1

    c83481393275c6c76fa1c792415f8b92b3c449d3

  • SHA256

    c4af8ae7f238af114538b7706ea95b97567fe661519d1510f951930b074ad948

  • SHA512

    48b6f64edfba04492934cd79d025cb3f85abf81ceac6f4affa4f8630076939ca62ed4ba849e5e8d625ad3ebffe24963949842cbf493b362f3b5952d7866e9b3c

Score
10/10
persistencespywarestealersuricataupx

Malware Config

Targets

    • Target

      text.txt .scr

    • Size

      28KB

    • MD5

      9b4b22e11a0531f44382e9031e28742a

    • SHA1

      d7b95d04f4a7aabbf96f7d492740e55c618fc9ad

    • SHA256

      f47c29a4a7756b6635363f5e520a2c4b638777705580217d9d5ffb48ae4d7cd6

    • SHA512

      5a851bbf0bad740a2a6ee08bf5fc606ea308522e158bf9906e7086c4e4b8fa9ba667e46abddf5052f11153eebf970dc4b8fef7824aae910bb127e8b220f2f9b8

    Score
    10/10
    persistencespywarestealersuricataupx

    • suricata: ET MALWARE Suspicious Email Attachment Possibly Related to Mydoom.L@mm

      suricata

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks