Overview

overview

7

Static

static

1

DHL Notifi...df.exe

windows7-x64

7

DHL Notifi...df.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    DHL Notification_pdf.rar

  • Size

    1.9MB

  • Sample

    230213-l3yn5abh3z

  • MD5

    fa28bfe4ee1dd72996774f1e8e06524b

  • SHA1

    7e75558da2478c68311fb29c331078316b5955a7

  • SHA256

    de8d23702e0e2dd07e0df01ba775077ff7a6918cb53dbb65680aea65054fd9a4

  • SHA512

    7e97d0bc7c53da4a381957313f141382f7481de96158e6b5b6b471cdfcc15c3cd9df88b19e65d19382c70f5bd1fd4b3532bf1783bd93320c0046b92edc780e9d

  • SSDEEP

    49152:Wyk3BjXUOQ0ErV39MtzQV/rWWNKG8sbCDMJ73Dhi:WVRjkkSetz4WOKjsbCDS73U

Score
7/10
collectionspywarestealer

Malware Config

Targets

    • Target

      DHL Notification_pdf.exe

    • Size

      2.1MB

    • MD5

      1e80fde95cf12cf57b944322804111c7

    • SHA1

      f13928786ff917ba35ade9d03d1fec4699b6bb63

    • SHA256

      bfa0c11853ee9aa5f20df491c68ebbd73aecc22b0192f5e964656b84dfc5ecf0

    • SHA512

      5aed92ab0c5b77fe1ef092e1528d0a8011bf73e75e402b040410d8ea5f1c613e58a22a737ce59f63e3a673817161eba36f5017f2e99374a19d3b55f0233c9824

    • SSDEEP

      49152:J9soUPxeF6wVWi0Tz5/MgcQF5aJ0DoX441h:aZwVWi0B/MJQF59oXD

    Score
    7/10
    collectionspywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks