2935e73a76b190dc5d81ecec475f9b1559e61fdff3f56e9c52f7dcde6a0b9627 | Triage

Sharing

General

Target

Fwd_USPS_Expected_Delivery_on_Monday_2023.zip
Size

175KB
Sample

230322-r1s9hsbc5t
MD5

5809aa2a0fb4a5127880b78d586cedf1
SHA1

de60b5899e0376294bf31a2a73fa3c7dc654b359
SHA256

2935e73a76b190dc5d81ecec475f9b1559e61fdff3f56e9c52f7dcde6a0b9627
SHA512

df4673406ac4d36ebb480bfc12d26d10905f6e93858bd15ae6fd52c4deb0aa38ad8df0078540ed1e66e6ed847cc3991e4046643f286b766c493d8bf4ed378695
SSDEEP

3072:pvS4iXFtOlLaernXsFaoPTOXXfVtr8MR3hdXStCCkPzNML5A5TdML1XHxAXnLOCS:UXYL1bcwIovIQvS5k7CL5A5TyLdHenLI

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  Fwd_USPS_Expected_Delivery_on_Monday_20231111.bat
- Size
  
  235KB
- MD5
  
  fb5791ff7ad2148b8df7a4e351e46842
- SHA1
  
  55b68f7462e2c034ad3220b1096578c9a8697a34
- SHA256
  
  f590b5d9c60f27f88ee136632a4b34d037ff271dc55275b4cff859bd48eb06f2
- SHA512
  
  8f42f02f8c09c35f491b62ed30e26ae413c9a9c2e20d473bb8d8724f1446f95a62a1e91d77e7d0abfd0053f9fa26f2080bfbf9df5123f81f5768c543c9b8a790
- SSDEEP
  
  3072:oE7glwQ922cFBB5HM5cez7osBGlCipzFqVlk3tIexSnj+wVC1UbweKeWDZmTrr/M:nglwK22KBBIceQsBGysxxcgXZwrr5MZX
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2