81a48f67c7805ecf8ee47f17999208a9a116fca844d8dff8dbf12f66f4c91445 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

DHL Invoic...KE.exe

windows7-x64

7

DHL Invoic...KE.exe

windows10-2004-x64

7

Sharing

General

Target

DHL Invoice_UTJU1GTKE.exe
Size

816KB
Sample

230724-gvlblsag8t
MD5

cfa11d0ca5431483e455233e003a3609
SHA1

06e622d802ef9dfe6582cb75e4076d5749d50b65
SHA256

81a48f67c7805ecf8ee47f17999208a9a116fca844d8dff8dbf12f66f4c91445
SHA512

e08a164355b6a483b14e6c24fffa160bc424ff5ddaf72f79328dee91ca98e93eb1062a262cf8e58fd06b9b743af1ba02aa4e1259c88b6e488aeffc1082584957
SSDEEP

12288:jevJRBusyO3oXl4UVSZiIC38gOBJcqVuHppBJLZEZjtjq0y+Oq:UFuHl4UVS7G8gUcqyWjtumOq

Score

7^/10

collection spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

DHL Invoice_UTJU1GTKE.exe

Resource

win7-20230712-en

collection spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

DHL Invoice_UTJU1GTKE.exe

Resource

win10v2004-20230703-en

collection spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  DHL Invoice_UTJU1GTKE.exe
- Size
  
  816KB
- MD5
  
  cfa11d0ca5431483e455233e003a3609
- SHA1
  
  06e622d802ef9dfe6582cb75e4076d5749d50b65
- SHA256
  
  81a48f67c7805ecf8ee47f17999208a9a116fca844d8dff8dbf12f66f4c91445
- SHA512
  
  e08a164355b6a483b14e6c24fffa160bc424ff5ddaf72f79328dee91ca98e93eb1062a262cf8e58fd06b9b743af1ba02aa4e1259c88b6e488aeffc1082584957
- SSDEEP
  
  12288:jevJRBusyO3oXl4UVSZiIC38gOBJcqVuHppBJLZEZjtjq0y+Oq:UFuHl4UVS7G8gUcqyWjtumOq
Score

7^/10

collection spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectionspywarestealer

behavioral2

collectionspywarestealer

© 2018-2024

Terms | Privacy