Overview

overview

10

Static

static

5

file222.exe

windows7_x64

7

file222.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    da88d30253ac87e5a230bd33ff3e89b66b8c8634d7541208bc3d77dec3b5b04f

  • Size

    971KB

  • Sample

    220521-mnt8tscba4

  • MD5

    05e36fe3e40fb7f3329c2183db1a6d9f

  • SHA1

    402d9981038ff5500caebb74ecbb2f5bb97046ca

  • SHA256

    da88d30253ac87e5a230bd33ff3e89b66b8c8634d7541208bc3d77dec3b5b04f

  • SHA512

    30df2aa56998b35c4fc76de859ac071bdd8bea3587ad54f560473d460317d328099b6dceabc74c19850234516840b601273dbe14508f059052a66544bf58dda3

Score
10/10
collectionspywarestealer

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    zstcznz.org
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    makonyo@2017

Targets

    • Target

      file222.exe

    • Size

      1.4MB

    • MD5

      c9d56cb33b65cda35b2982afc41bc715

    • SHA1

      b1e5ea66b740109e438142b0db1bab5eb474c30e

    • SHA256

      69683827d1c627e34cd0c916bd53c3d1ab75c1bb48caa57543f1eaeb315f4f2d

    • SHA512

      058b32cb57eab4d3eb7d1d6b778421f1f1513b46cae03aa3fc98f7f3c9c0a85a4f47a398f054b6366d70285836e795b2fafe04133e1927934e028f271446ac3d

    Score
    10/10
    collectionspywarestealer

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks