General

  • Target

    https://www.paypal.com/us/webapps/mpp/paypal-safety-and-security?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000274&utm_unptid=8976391c-700f-11ed-b1d3-40a6b72906a0&ppid=RT000274&cnac=US&rsta=en_US%28en-US%29&cust=&unptid=8976391c-700f-11ed-b1d3-40a6b72906a0&calc=f848142e80f1a&unp_tpcid=invoice-buyer-reminder&page=main%3Aemail%3ART000274&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.128.0&xt=104038%2C124817

  • Sample

    221129-w7glhshb8x

Score
8/10

Malware Config

Targets

    • Target

      https://www.paypal.com/us/webapps/mpp/paypal-safety-and-security?v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000274&utm_unptid=8976391c-700f-11ed-b1d3-40a6b72906a0&ppid=RT000274&cnac=US&rsta=en_US%28en-US%29&cust=&unptid=8976391c-700f-11ed-b1d3-40a6b72906a0&calc=f848142e80f1a&unp_tpcid=invoice-buyer-reminder&page=main%3Aemail%3ART000274&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.128.0&xt=104038%2C124817

    Score
    8/10
    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique                     Count  ID
  Credential Access  Credentials in Files          1      T1081
  Discovery          Query Registry                1      T1012
  Discovery          System Information Discovery  1      T1082
  Collection         Data from Local System        1      T1005

Tasks