General

  • Target

    2c464648ff97fd39dab054d0c3e1bd249e244fcc975b697e312796669c7763f1

  • Size

    368KB

  • Sample

    230531-pn13gsfc3z

  • MD5

    51b7f0213cb2945d42b88996761ce74b

  • SHA1

    b951e31564580aabf1bf1030365a8fdcbfcdb23b

  • SHA256

    2c464648ff97fd39dab054d0c3e1bd249e244fcc975b697e312796669c7763f1

  • SHA512

    fcecfe5152f8a2d3d2f4b4fd417a7b3ca21d261cd0d4511a5f00263ed410df8a9a04cb3c13d2aee6264325bb7572da08b7fc73a791466ffedd8b46a078f65d9a

  • SSDEEP

    6144:C5iqzA3Z+d2E+FX3IxLPvLEX/SvXeP4xeAneXWRF+aWKvU+b0vB1u3N1ayT:AiqgFE+FX3kboX/S2P44Aq5aVvUn10N/

Targets

    • Target

      Covid 19 Immunity Tips.exe

    • Size

      388KB

    • MD5

      76fffeef410bd6b633c09c0f6529891d

    • SHA1

      774a51b0b07a7c606672a669fca5939b25b53e66

    • SHA256

      e4e5c3a6c15beff4e17117075e2c0bd65f176d81e6885134d2b4d97c20d4773a

    • SHA512

      1fca78852d9ba98ae4ee2ade1694038e6da6fa2d1e29a82e859f6963d6d86b4247da70c7f9780e0ea36f7f7dff178de9c55a450e528c30a073ebbff94423a3d4

    • SSDEEP

      12288:HTYFk+FX3k1xJo2X/S2v4WAqhafvUT1Pk9J7y:Hck+RMxJX/S2vOgaf6c

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Adds Run key to start application
