Resubmissions

02/02/2023, 14:10    230202-rg7mssdb57    8

02/02/2023, 08:56    230202-kv1m3sff56    8

General

  • Target: PO-2200230_pdf.exe

  • Size: 442KB

  • Sample: 230202-kv1m3sff56

  • MD5: d435e40e23adb026097ced4361aed483

  • SHA1: 8e94de6cbcd2e8c83748e725008d7aa582530680

  • SHA256: 580e90650f19c14aedf7922ba6305412fd2c041144591d22456a753885aafcda

  • SHA512: 1d4f8efd3b4d119b2156e54b7e5a012d5aa7564602c50123f0c91f7826091268eeda3ad6b6a99ca841c9c154ab36e7468d3b71c998b72dcab9b2489314552110

  • SSDEEP: 6144:wYa6bDdD9PpjOovpV6XCx9XzEZazURQZbQ+AyTjsXB0RvXWKXVuLsk1ACVZrVpr9:wY1R9wEdZU+AqRvGKX8/LVprsNJGH

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks