Overview

overview

7

Static

static

file-rfjd8...df.exe

windows7_x64

7

file-rfjd8...df.exe

windows10-2004_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    43f7829929b19ce4720cd03c558b1492dca2328ae99aa8ea75ba203f37de3c57

  • Size

    322KB

  • Sample

    220521-m48fdsgbdl

  • MD5

    52396576479a77221155c195fe11741f

  • SHA1

    8c483585125afdfe6576bc353e505db7b21d7184

  • SHA256

    43f7829929b19ce4720cd03c558b1492dca2328ae99aa8ea75ba203f37de3c57

  • SHA512

    d36a8d4b1c32cd421363a43b552da32acfef6d5ee0f987766b2db4661df1aba72ef8ea966916d35b70294b0509551c2126bb6196d875e720f47a2e9690bea336

Score
7/10
collectionpersistencespywarestealer

Malware Config

Targets

    • Target

      file-rfjd81347_pdf.exe

    • Size

      589KB

    • MD5

      ab36441008e386cf0087ca356a373bd1

    • SHA1

      45e47082f52e6992d4e4d256ae0ca9ebf4ac0189

    • SHA256

      7501745bfca00a30575e2ea4219b88ef3d4b19ff684deefce5c50d329f9bfc51

    • SHA512

      c8b8e53ed72f79c448150a02c867275dc46fa3ff124d29aa129f54aa3a30321ae6a16342dbbae4bd846351b7c98d3917f0ca64127185b975f6060b22dd9c7987

    Score
    7/10
    collectionpersistencespywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks