ef146e82d7ce82f08861801b9b4d0e41d7ecd348075a8e2605c2783964ef0355 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

TTWireConf...df.exe

windows7-x64

7

TTWireConf...df.exe

windows10-2004-x64

7

Resubmissions

20-07-2023 09:07

230720-k3sx7sfd4w 7

20-07-2023 09:04

230720-k12gkaef72 7

Sharing

General

Target

TTWireConfirmation_20230720 pdf.img
Size

90KB
Sample

230720-k12gkaef72
MD5

e305c31bd97b9063c987ad21e19987ac
SHA1

a0cd282e6eee36fb5f666dcc1105f64053f6b391
SHA256

ef146e82d7ce82f08861801b9b4d0e41d7ecd348075a8e2605c2783964ef0355
SHA512

685947cdcef4a15841b3f2473facc7e71f325120e2032bab8d742755e6300e8a77bba362d0ae03c8b3d9582e3f949fec30829d2371aca55b03265c4956576a3e
SSDEEP

768:UwmNwmsZzeRDK3EaC8l2hP3SScNY8cfRqTuM+1+I:UwmNwmsZzCDK3Eaqh36G8BTugI

Score

7^/10

collection persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

TTWireConfirmation_20230720 pdf.exe

Resource

win7-20230712-en

collection persistence spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

TTWireConfirmation_20230720 pdf.exe

Resource

win10v2004-20230703-en

collection persistence spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  TTWireConfirmation_20230720 pdf.exe
- Size
  
  40KB
- MD5
  
  6577e3088e19e789d8cdc328c5c5fe21
- SHA1
  
  dabd810e66018ff0b27c891f358fe413e8891fbd
- SHA256
  
  177f753bd39be134d1eb4298663f3dfc9d6291a9d6ed56df851604800ae0d5b6
- SHA512
  
  f685c5f09f5be1ec031ba3e4e2990e34b5fa5063e5290da36ac3669f591fffc9a3f95e04bd00ea1e77e68692ae270756438a70dd836291f4e96ed33addb49d0f
- SSDEEP
  
  768:LZzeRDK3EaC8l2hP3SScNY8cfRqTuM+1+I:LZzCDK3Eaqh36G8BTugI
Score

7^/10

collection persistence spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectionpersistencespywarestealer

behavioral2

collectionpersistencespywarestealer

© 2018-2025

Terms | Privacy