General

  • Target: BL-SHIPPING DOCUMENTS.exe
  • Size: 446KB
  • Sample: 230111-rrrz4ahb3v
  • MD5: 16adc1ddc372a6cb7d64700d26edcb72
  • SHA1: f6445a0a8f3b33f171d291cb5957fdd0201e4c9f
  • SHA256: 81c0682751e0e809dc448f1bf8607a36c95840041de00cccd00032e066c6425e
  • SHA512: 784ba69eaed316d0dda71594b8d7139763f7ec2307d9cd09fc1742fd9798bee285f906856603aa15ca035b34a6dca655cb28db31f85f909374d234bc7aba3036
  • SSDEEP: 6144:AYa6RBgLagUpQmFiK40z85vc/AYO7go7dvb9b5:AYx26QVK40zVsgC/

Score: 8/10

Malware Config

Targets

    • Executes dropped EXE
    • Checks computer location settings
      Looks up the country code configured in the registry, likely for geofencing.
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks