General

  • Target

    Nicht bestätigt 627130.crdownload

  • Size

    2.4MB

  • Sample

    230717-qe1k2aca85

  • MD5

    0af0eeaac65d4a12706157a59180fde6

  • SHA1

    42e4e2ccfcd54589ac89c02d5dc050e483c8b888

  • SHA256

    0ea61e3db99c96cf0b148d6f2ebab3ed8860c17be0298a7e5469330b0eecb7d7

  • SHA512

    9114d7907f9833531e9b3b63762388223101ed5e495b71f467351133906aff4a8eb4b9baca262ee80c8d74e91d457ee826f75b353801bff5a574ec965017d9d1

  • SSDEEP

    12288:WUr0OQL9/JcoDCubwbwl390KE83oqUxIhGUKKR+uQ6:9gOs9BcYCYV0n83ExIhGUKpuQ6

Malware Config

Targets

    • Detected phishing page

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Adds policy Run key to start application

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks