e345954cfc37f2b5eac48dadcb5d9b21a48a2397f33b7115d3138d79c9caf903

Resubmissions

23-11-2022 07:00

221123-hsvb6sed32 8

23-11-2022 06:57

221123-hrfsdsec63 8

23-11-2022 06:54

221123-hpk94aeb83 8

Sharing

Copy URL

Twitter E-mail

General

Target

Impuestos-Documento_602959.rar
Size

690KB
Sample

221123-hsvb6sed32
MD5

5b0e80869eed42c23f5384817c04761f
SHA1

29d5e2bf179df514f8a6804bee7f27cc39408f4c
SHA256

e345954cfc37f2b5eac48dadcb5d9b21a48a2397f33b7115d3138d79c9caf903
SHA512

eaf7f8bb18463524c5f1ff372d4a9d0009e42d28d8252b4174ae9fd72c5c37d3447698af39ab27af2af89150a7e7188ec93b4ffe0010436653ed6ffc4f54e8a8
SSDEEP

12288:dQdAqYoJbEJLVi+/wECs8qeqEZe8h6nKivA1WDjavY:GdAqHbAjZyvBsKL1Wnaw

Score

8^/10

Malware Config

Targets

- Target
  
  Impuestos-Documento_602959.rar
- Size
  
  690KB
- MD5
  
  5b0e80869eed42c23f5384817c04761f
- SHA1
  
  29d5e2bf179df514f8a6804bee7f27cc39408f4c
- SHA256
  
  e345954cfc37f2b5eac48dadcb5d9b21a48a2397f33b7115d3138d79c9caf903
- SHA512
  
  eaf7f8bb18463524c5f1ff372d4a9d0009e42d28d8252b4174ae9fd72c5c37d3447698af39ab27af2af89150a7e7188ec93b4ffe0010436653ed6ffc4f54e8a8
- SSDEEP
  
  12288:dQdAqYoJbEJLVi+/wECs8qeqEZe8h6nKivA1WDjavY:GdAqHbAjZyvBsKL1Wnaw
Score

3^/10
behavioral1 behavioral2
- Target
  
  Impuestos-Documento.cmd
- Size
  
  1.4MB
- MD5
  
  f1e205f5c2af21d36963e2697e1e67d1
- SHA1
  
  4923fa8bb19691db6df989d8ecb06d0536c0f551
- SHA256
  
  2eb1053488d1655020ed6cbd8dc26040976573eb7e3b1aa92de19148111fc06e
- SHA512
  
  2283f1e25d492d07870b41f4c6090647170302f5f08d8cceb7b56942f74da8673e58753051349eb8455d6cdf1466a787b7b590a539599f59807a200d30f7c087
- SSDEEP
  
  24576:Mb0FVpeKWpAECJvaz35lCK1CjMzGbfJFQ9w9DI5Jb5ruQ3duLD:liKNtad10bQFhcLD
Score

8^/10

collection spyware stealer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral3 behavioral4

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Targets

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Deletes itself

Drops startup file

Loads dropped DLL

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4