Overview

overview

8

Static

static

CMA_CGM_FR...CE.exe

windows7-x64

8

CMA_CGM_FR...CE.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    21117BF8DB1C12A093C951580C924FBB924A9F192F5C77ACA27309D122B0510C

  • Size

    293KB

  • Sample

    230104-tmbtesgg49

  • MD5

    72e28e2811535bada71fe55f16b2b100

  • SHA1

    ad23d80d343b7cbfc3c668626fcb1b82753e625c

  • SHA256

    21117bf8db1c12a093c951580c924fbb924a9f192f5c77aca27309d122b0510c

  • SHA512

    8af1248b852e212f9ed4e463756476339e369c310789d3a5c43abe68d4ed38fe79f2deb883560c2ca035683f0366d646385019aa5b00db225a811c240da4c8d6

  • SSDEEP

    6144:9mTxIq1+ERkEuF7aiBY78+WOL1dB4EmxTgR87nYTElg40aQ91FOuz0hTi/JuiuJn:sTxIqgE0FuiqjWOL95AXOz91FOBTixcn

Score
8/10
spywarestealer

Malware Config

Targets

    • Target

      CMA_CGM_FRIGHT_INVOICE.exe

    • Size

      451KB

    • MD5

      fed72359bb77169840555a508913b4bc

    • SHA1

      d94292cf1e41f55441381a15ae3d4525d1d1fa29

    • SHA256

      bd03ffb758b3a8283f18c63ab82fb33b10f7ef7cf2e5972ea4a8c6677f0cbea3

    • SHA512

      56c13682bebd6e39c867cee583d922b71ffca0090bb9cde5e43e6d2d0905f4e124dee3b41472907c86d30c9e1b37c973fb7d8410237daeed8edd2b3b4ae7b8ff

    • SSDEEP

      6144:gYa61jW0ERkSuFLaiBi78+kOL1dF4Em5TgR8VnYTalg40aQ91hOuz0lDi/JuxuJM:gYjzEUF+i0jkOL55qXWz91hOFDixZM

    Score
    8/10
    spywarestealer

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks