015eced8eafc891bf37d69bd214db5dbf4aca5cba5093d6c3a2737e0c7a78ffb | Triage

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23-05-2023 06:04

Sharing

Report Analysis Logs

General

Target

FATTURA_1 (3).exe
Size

144KB
MD5

0ac56acf5c108d1980ec34dbdc3ae015
SHA1

829ae7f011efa35a778d311e6c69abc7a823e04f
SHA256

015eced8eafc891bf37d69bd214db5dbf4aca5cba5093d6c3a2737e0c7a78ffb
SHA512

e4e0bebeb2d554c061088f04de21ed4ba8f4ecee4a5b986fa6845781eee2b1441fa780ab8ea2d8a84b941aec8286a2469b69a94c5b6c2b431582c1c156b5efb5
SSDEEP

3072:1wOq0SXZIgpU97vZ7shqcccccccccc7w14IVyqc9XInobWwoMVcccZrqmCggbYHf:11a2rbW5ML0xXa0yGWi/p1IbS

Score

7^/10

spyware stealer

Malware Config

Signatures

Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\FATTURA_1 (3).exe
"C:\Users\Admin\AppData\Local\Temp\FATTURA_1 (3).exe"
1⤵
PID:2008

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2008-54-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2008-56-0x0000000000320000-0x0000000000341000-memory.dmp

Filesize
132KB

Download
memory/2008-57-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2008-58-0x0000000000320000-0x0000000000341000-memory.dmp

Filesize
132KB

Download