d5264a57d2e10b022f53138eb38f63e69c136ddf10765e69a9028d1b27a65881 | Triage

Submit
Reports

Overview

overview

8

Static

static

invoice.exe

windows7_x64

8

invoice.exe

windows10-2004_x64

8

Sharing

General

Target

d5264a57d2e10b022f53138eb38f63e69c136ddf10765e69a9028d1b27a65881
Size

280KB
Sample

220521-nxk7ysecd2
MD5

cfc4d2d074d9f8b1580c84e29389aeb0
SHA1

12cbaf28092e31f7512c6710b50475ad1e138124
SHA256

d5264a57d2e10b022f53138eb38f63e69c136ddf10765e69a9028d1b27a65881
SHA512

2c247536ed559c977895f8bd7edb2f7ce2df1c7e56b1aaa78726bf8938fd35a850edb8df6585241877304f079f3a865a61c05cc7b3c2ed571e2938c2fc255a73

Score

8^/10

spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

invoice.exe

Resource

win7-20220414-en

spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

invoice.exe

Resource

win10v2004-20220414-en

spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  invoice.exe
- Size
  
  543KB
- MD5
  
  eaea515875cf1cd7e30d1e673bdf394d
- SHA1
  
  81d2c5ad94b48db9f02d1f443d3e6b7df253708c
- SHA256
  
  52d60767d2ff5516a17a6a2a429dd47fd2dafa69a778e1da6129c7f1dd3eeae4
- SHA512
  
  ffa46f06ed3c2d98d69d1df12169b2308fcb5c1e4ea5d15b67f12ef408081421fe9817be6baf0862d78f9b3f923c504226897bf89255ba592c394f0f12046ef1
Score

8^/10

spyware stealer
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy