General

  • Target

    Sar Efilling Notification.uue

  • Size

    650KB

  • Sample

    230112-ngqgqsbe9x

  • MD5

    2ba052cd814c2ed4cc5ebde402d1f6b4

  • SHA1

    06dc09803f602eba66e878ee1a8317a4e8aa2fa6

  • SHA256

    45f89d329dff38e016a2303b9a40b398ce9c369f8e644d89ab0a6811da155288

  • SHA512

    0c0c84c603e3f688b3528a856a02442397b4204ff6a48d30a1ab59183191b1657ab23039c1178e5332bf125e3f76e342e506dd6d51296b26570a53b09b502f55

  • SSDEEP

    12288:yLKQnbPz9dTzjvzRqEMYrcccmoH8hUE3idzCBVVriTGbMDoLHy1P/kFBGwqoFSj:MnbP59z3RqEMYYccN8OE3ioBnHM8LHCL
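The .uue target above is a uuencoded mail attachment; the .scr listed under Targets is the payload it carries. The following is an added example, not code from the sandbox or from this report: a small uudecoder that extracts the payload from such a container and compares its MD5, SHA-1, SHA-256 and SHA-512 with the values a report lists. The container and payload here are constructed inside the script (a fake 100-byte PE stub), so the comparison against the real .scr hashes is expected to fail; point it at the real attachment to verify a sample you hold.

```python
"""Added example (not the sandbox's code): unpack a uuencoded .uue attachment
and compare the payload's hashes with the values in a sandbox report."""
import binascii
import hashlib

# Hashes of the .scr as listed in the report above (page values, not computed here).
REPORT_SCR_HASHES = {
    "md5": "f3c63f94ce63e79eef44c7dce59b2419",
    "sha1": "fa60ef80ba5806d14d2642f4e7dc3eebb8aa261c",
    "sha256": "43eec69da9e8a57261eaef3210e71dfe5e40ceb7516d2a7fe021b51c81ab4504",
}


def uuencode(name: str, payload: bytes, mode: int = 0o644) -> bytes:
    """Build a uuencoded container (used here only to construct test input)."""
    body = b"".join(binascii.b2a_uu(payload[i:i + 45])
                    for i in range(0, len(payload), 45))
    return b"begin %o %s\n" % (mode, name.encode("latin-1")) + body + b"`\nend\n"


def uudecode(container: bytes) -> tuple[str, bytes]:
    """Parse the 'begin <mode> <name>' ... '`' / 'end' framing and return
    (embedded filename, decoded payload). Raises ValueError on bad framing."""
    lines = container.splitlines()
    start = next((i for i, line in enumerate(lines) if line.startswith(b"begin ")), None)
    if start is None:
        raise ValueError("no 'begin' header")
    header = lines[start].split(b" ", 2)
    if len(header) != 3:
        raise ValueError("malformed 'begin' line")
    name = header[2].decode("latin-1")
    out = bytearray()
    for line in lines[start + 1:]:
        if line == b"end":
            return name, bytes(out)
        if line in (b"", b"`"):          # terminator or blank line: carries no data
            continue
        out += binascii.a2b_uu(line)     # one line (at most 45 payload bytes) at a time
    raise ValueError("missing 'end' trailer")


def digests(data: bytes) -> dict[str, str]:
    """The four digests a sandbox report typically lists."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(payload: bytes, report: dict[str, str]) -> dict[str, bool]:
    """Per-algorithm verdict: does the payload's hash equal the reported value?"""
    got = digests(payload)
    return {alg: got[alg] == value.lower() for alg, value in report.items()}


# Constructed stand-in for the attachment: a 100-byte fake PE stub, not the real sample.
SAMPLE_PAYLOAD = b"MZ" + bytes(range(98))
SAMPLE_CONTAINER = uuencode("Sar Efilling Notification.scr", SAMPLE_PAYLOAD)

if __name__ == "__main__":
    inner_name, inner = uudecode(SAMPLE_CONTAINER)
    print(inner_name, len(inner), "bytes")
    for alg, h in digests(inner).items():
        print(f"{alg:6} {h}")
    print("matches report:", matches_report(inner, REPORT_SCR_HASHES))
```

Blank lines and the "`" terminator are skipped explicitly because a2b_uu on an empty line does not return empty output; a decoder that feeds every line through it can append 32 stray null bytes and produce a payload whose hash never matches the report.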

Malware Config

Targets

    • Target

      Sar Efilling Notification.scr

    • Size

      838KB

    • MD5

      f3c63f94ce63e79eef44c7dce59b2419

    • SHA1

      fa60ef80ba5806d14d2642f4e7dc3eebb8aa261c

    • SHA256

      43eec69da9e8a57261eaef3210e71dfe5e40ceb7516d2a7fe021b51c81ab4504

    • SHA512

      165d932a6ab7d9daecf2860a10fb33090cd5a916bc8d85a94768e91dca7b3d22b3c6c343a9994ebf627850076f9b30a53131ce8e8a3443628478f76977c778ec

    • SSDEEP

      24576:j+X+7NbxSNP9MoF1p0D0DY7UjSKIKTn6AL:pNbxSNjFQwDY

    • Reads data files stored by FTP clients

      Tries to access configuration files belonging to FTP clients such as FileZilla, which hold saved site entries and the credentials for them.

    • Reads user/profile data of local email clients

      Email clients keep account settings and credentials on disk, and infostealers routinely harvest them.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

      Reads the Outlook profile data in the registry, where account settings and stored mail-server credentials live.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state, including its instruction pointer; it is a standard step in process hollowing and other code-injection techniques.
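The behaviour signatures above are the kind of evidence an analyst wants to pull out of a sandbox API trace. What follows is an added example, not part of this report and not the sandbox's own detection logic: a Python classifier that maps file, registry and thread-context events to the five signature names listed for this sample. The JSON-lines trace format, the paths and the process IDs are constructed for the example; the file and registry patterns are the usual on-disk and registry locations of the clients named in the signatures.

```python
"""Added example (not the sandbox's code): map API-trace events to the
behaviour signatures listed in the report above."""
import json
import re

# File paths whose access maps to a report signature (common Windows locations).
FILE_SIGNATURES = {
    "Reads data files stored by FTP clients": re.compile(
        r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$", re.I),
    "Reads user/profile data of local email clients": re.compile(
        r"\\Thunderbird\\Profiles\\|\\Microsoft\\Outlook\\[^\\]+\.(pst|ost)$", re.I),
    "Reads user/profile data of web browsers": re.compile(
        r"\\(Login Data|Cookies|Web Data|logins\.json|key4\.db)$", re.I),
}
# Registry keys whose access maps to a report signature.
REGISTRY_SIGNATURES = {
    "Accesses Microsoft Outlook profiles": re.compile(
        r"\\Office\\\d+\.\d+\\Outlook\\Profiles|\\Windows Messaging Subsystem\\Profiles", re.I),
}
# Writing another process's thread context is the hollowing/injection tell.
CONTEXT_APIS = {"SetThreadContext", "NtSetContextThread"}
INJECTION_SIGNATURE = "Suspicious use of SetThreadContext"


def classify(log_text: str) -> dict[str, list[str]]:
    """Return {signature name: [evidence, ...]} for a JSON-lines API trace.
    Each event carries pid and api, plus path, key or target_pid as appropriate."""
    hits: dict[str, list[str]] = {}
    for raw in log_text.strip().splitlines():
        ev = json.loads(raw)
        path, key = ev.get("path"), ev.get("key")
        if path:
            for name, pat in FILE_SIGNATURES.items():
                if pat.search(path):
                    hits.setdefault(name, []).append(path)
        if key:
            for name, pat in REGISTRY_SIGNATURES.items():
                if pat.search(key):
                    hits.setdefault(name, []).append(key)
        # Only a context write into a *different* process is flagged: a process
        # may legitimately set the context of its own threads.
        target = ev.get("target_pid")
        if ev["api"] in CONTEXT_APIS and target is not None and target != ev["pid"]:
            hits.setdefault(INJECTION_SIGNATURE, []).append(
                f"pid {ev['pid']} wrote thread context in pid {target}")
    return hits


# Constructed trace (not real sandbox output); backslashes are JSON-escaped.
SAMPLE_TRACE = r"""
{"pid": 4012, "api": "NtCreateFile", "path": "C:\\Users\\victim\\AppData\\Roaming\\FileZilla\\sitemanager.xml"}
{"pid": 4012, "api": "NtCreateFile", "path": "C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data"}
{"pid": 4012, "api": "NtCreateFile", "path": "C:\\Users\\victim\\AppData\\Roaming\\Thunderbird\\Profiles\\k3x9q.default\\prefs.js"}
{"pid": 4012, "api": "RegOpenKeyExW", "key": "HKCU\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook"}
{"pid": 4012, "api": "NtCreateFile", "path": "C:\\Windows\\System32\\kernel32.dll"}
{"pid": 4012, "api": "SetThreadContext", "target_pid": 4012}
{"pid": 4012, "api": "SetThreadContext", "target_pid": 5120}
"""

if __name__ == "__main__":
    for name, evidence in classify(SAMPLE_TRACE).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The SetThreadContext rule deliberately ignores writes to the caller's own threads; the report's signature is only meaningful when the context is set in a thread that belongs to a different process, which is what hollowing does after writing the payload into a suspended child.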

MITRE ATT&CK Enterprise v6

Tasks