Overview

overview

8

Static

static

Fiscal_Eletronico.exe

windows7-x64

8

Fiscal_Eletronico.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    599c0f76705b6dd06b943bbc7eea222a01d813cce756f07e05e126c7ce743b12

  • Size

    12KB

  • Sample

    221126-kzf48saf5x

  • MD5

    c0555be2ecc8dbffe6e52c6c0d12c334

  • SHA1

    9977e2ddbab36c123fefa541df9554544fe916aa

  • SHA256

    599c0f76705b6dd06b943bbc7eea222a01d813cce756f07e05e126c7ce743b12

  • SHA512

    de206d312be937f4eab52f59bd87db92cdafde0d771e9895471a9b4b7053bd7301c0ef451687137f6be00be4c2c849ef4247461657d932c48df2a548c4c9cc4a

  • SSDEEP

    384:tihl3I60+gYGwEouu7m+EX6AbXqgt3jgnt0Rl:YH0FYfwu7MXtX7t3jQE

Score
8/10
persistencespywarestealer

Malware Config

Targets

    • Target

      Fiscal_Eletronico.exe

    • Size

      37KB

    • MD5

      79d4353d76a1e90e44cecfe752411da4

    • SHA1

      3a2d58473740dcafb2d5fc9d24ebaa608534eba0

    • SHA256

      bc5195bb7590b14935ccdcf2ca8d85c225ccd0c2f3822e65ebe90e9b011fe94e

    • SHA512

      f61fbb233a9a4bf4b878e72464aded2bad44cbc8110e1010a958a02de952ee20c8b057c385cd605ba45ed23a4b2a75f8374140a620ba0bd833abc45b5f5aed6c

    • SSDEEP

      384:XQzz1QFgyNn8pXDLf45TQfeyh8yF9Ur6J9djOA71PHy2bLf45sf6Qfz7NF8Fww8E:XQzzcgyN8pX3lB5J9xO6TflbtX

    Score
    8/10
    persistencespywarestealer

    • Executes dropped EXE

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks