36362a90169cfe188fba75b025ed6b438d7a2ee5a07ad5953d1482244bf16413 | Triage

Submit
Reports

Overview

overview

9

Static

static

Payment sw...df.exe

windows7_x64

9

Payment sw...df.exe

windows10-2004_x64

9

Sharing

General

Target

36362a90169cfe188fba75b025ed6b438d7a2ee5a07ad5953d1482244bf16413
Size

1.2MB
Sample

220520-2kw1ksfec6
MD5

358c7c43406b70b8c1d217663672f416
SHA1

173c4665e9d46a960fccb683baebac07d23355da
SHA256

36362a90169cfe188fba75b025ed6b438d7a2ee5a07ad5953d1482244bf16413
SHA512

8aba0de085d642d588ab23d94c03b5ba557ac57b888c3088482b44fd715e8f605d7c4a8cbd070fdfb145728bc8b83a9e2dedec9511e247e0a2f9384db6e3281d

Score

9^/10

evasion spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Payment swift copy.pdf.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Payment swift copy.pdf.exe

Resource

win10v2004-20220414-en

evasion spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Payment swift copy.pdf.exe
- Size
  
  1.3MB
- MD5
  
  db30aa1c0eb9d07f3e7e966acc690898
- SHA1
  
  4495b0f386ee54919a46aa911ddc1b4931ca2d8a
- SHA256
  
  5176a48afec98e65c46b54977d76a78f20d8bd4333ca64285495a05862d6749b
- SHA512
  
  2df235a40d63efb26903e4b494959a7daef059985d3043d34eaa2aa2e3103c0e187bc9def392e3768580ff4ce6aab098a79af105c423bf0bd5b601f8232aa047
Score

9^/10

evasion spyware stealer
- Looks for VirtualBox Guest Additions in registry
  evasion
- Executes dropped EXE
- Looks for VMWare Tools registry key
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

evasionspywarestealer

© 2018-2024

Terms | Privacy