General

  • Target

    Proforma Invoice.exe

  • Size

    970KB

  • Sample

    230317-qnepxsad3y

  • MD5

    3379797c78848d3b80d7bb330381ffec

  • SHA1

    8942398a618db4a5a5bf3379e34bf4ecb6e1dc44

  • SHA256

    07843e27993206a92d9e0bfbb249332fcfedad068bec8f7f7f3f318654c7910c

  • SHA512

    55343d7b0bec63adc86534a659160d478ec0342d920b2a694c0e32fc34cb6cc70a5280a794a9c74a72790d165d34c993c1382b35e415e148fe0b38d34626cb1e

  • SSDEEP

    24576:pobVAYD998lRkBhd1lod8uukAdc6i4YzNbu:popAYD99yUv1lw81kAdti5hb

Score
8/10

Malware Config

Targets

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks