Overview

overview

10

Static

static

ad03f5989e...28.exe

windows7-x64

10

ad03f5989e...28.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ad03f5989eb133644bf447cfdcc2884cea36ad61781e11a21507cc6c0ace1e28

  • Size

    585KB

  • Sample

    221127-lg3qysfd98

  • MD5

    28e41b880c6c6a3694968d349e165ddb

  • SHA1

    b870581c5297030bea576016e5c14182890e61c0

  • SHA256

    ad03f5989eb133644bf447cfdcc2884cea36ad61781e11a21507cc6c0ace1e28

  • SHA512

    7fce1f850483d83b886757a8967240b78a8b1e133a62f74ae5b603ac11e17043690c634a51236d70cf73379c8bce93e5af2b4ebcd362e3f1589850417547d275

  • SSDEEP

    12288:APLpdAd2AvcFQoV14NmFZn3Zugh4mYyvzApwaniZ6iXWVDnvbVjl4:ApdcSJ4wFZJughpaliEMWV7Jja

Score
10/10
collectionevasiontrojan

Malware Config

Targets

    • Target

      ad03f5989eb133644bf447cfdcc2884cea36ad61781e11a21507cc6c0ace1e28

    • Size

      585KB

    • MD5

      28e41b880c6c6a3694968d349e165ddb

    • SHA1

      b870581c5297030bea576016e5c14182890e61c0

    • SHA256

      ad03f5989eb133644bf447cfdcc2884cea36ad61781e11a21507cc6c0ace1e28

    • SHA512

      7fce1f850483d83b886757a8967240b78a8b1e133a62f74ae5b603ac11e17043690c634a51236d70cf73379c8bce93e5af2b4ebcd362e3f1589850417547d275

    • SSDEEP

      12288:APLpdAd2AvcFQoV14NmFZn3Zugh4mYyvzApwaniZ6iXWVDnvbVjl4:ApdcSJ4wFZJughpaliEMWV7Jja

    Score
    10/10
    evasiontrojancollection

    • UAC bypass

      evasiontrojan

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Accesses Microsoft Outlook accounts

      collection

    • Drops desktop.ini file(s)

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Bypass User Account Control

1
T1088

Scheduled Task

1
T1053

Defense Evasion

Bypass User Account Control

1
T1088

Disabling Security Tools

1
T1089

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks