edce45ace91b67e02ce28d4f3eddc655c464de409a096e5d23c64233b49e6992 | Triage

Sharing

General

Target

edce45ace91b67e02ce28d4f3eddc655c464de409a096e5d23c64233b49e6992
Size

322KB
Sample

220521-m4pnaadac9
MD5

9ef7b5135d37bb010964193dba9c7e6c
SHA1

c4e857495d25eb1afc5e1e692f44a332435fcc28
SHA256

edce45ace91b67e02ce28d4f3eddc655c464de409a096e5d23c64233b49e6992
SHA512

34fccc4579d05efcf6b11cf835e609f1948a6adc6912c04aa1c94e2f1d7d74a0784a855db0dd902d98fe88a2b0b2dca74611f52793e2e0a4a473e5ee35399166

Score

7^/10

collection persistence spyware stealer

Malware Config

Targets

- Target
  
  Contract 0012190-doc.exe
- Size
  
  590KB
- MD5
  
  e4a9c3c1174a0169616bb28ca895031d
- SHA1
  
  94b2ce58c9081e114e7c508b807bef47314124df
- SHA256
  
  7fbbc53861d27c037953d846e4726b3e2f0a1a1b2508128ee400b138aeb1f3ce
- SHA512
  
  ca9328005e9236ab221e1072ac80e5aefe42d250f8536f4980b0dbde26a7e234378980f3ecf5acaa38d745468a828c99cea5c6c6e9e335487dc19c0b396a151d
Score

7^/10

collection persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

collectionpersistencespywarestealer

behavioral2

collectionpersistencespywarestealer