General

  • Target

    invoice copy.img (disk image; the INVOICE_.EXE analysed under Targets below was carried inside it)

  • Size

    1.2MB

  • Sample

    230815-y8gn1sfe2w

  • MD5

    0387ab4b6b5cc4cca1b4cf51d0356c4e

  • SHA1

    f25f441bfc43fbf2b7199e3bfbd849ab7f07725c

  • SHA256

    9298465571a4a3e1edd7c7cbe93b40b00325c6a0ad5c3bca897e78fc0da1c137

  • SHA512

    56acbf68a6af1836b7448de9833cdb1287030b0ac13e114682cd5cd008f9abccc52d10e6e7999fb3d86fc7c9790a4d3bf72cbdee71e00c99bf6131e24c07de97

  • SSDEEP

    12288:6yHaV/Oe9Dfw13SO7oMeK/6RSs3XFvKkA3BgfTQtGHDyKDcQR:6yFepYiOfsR3XFvqxUTQgHD

Score
7/10
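As an added example (not part of the sandbox report), the following Python script hashes candidate files and checks them against the hash sets listed on this page for both the .img container and INVOICE_.EXE. It uses only the standard library; SSDEEP is left out because it needs a native library, and the report's own SSDEEP values can be compared by hand.

```python
import hashlib
from pathlib import Path

# Hash sets copied from the report: the .img container and the
# INVOICE_.EXE carried inside it. All digests are lowercase hex.
REPORT_IOCS = {
    "invoice copy.img": {
        "md5": "0387ab4b6b5cc4cca1b4cf51d0356c4e",
        "sha1": "f25f441bfc43fbf2b7199e3bfbd849ab7f07725c",
        "sha256": "9298465571a4a3e1edd7c7cbe93b40b00325c6a0ad5c3bca897e78fc0da1c137",
    },
    "INVOICE_.EXE": {
        "md5": "505bfbffcb637df3a1f6fda75a35d488",
        "sha1": "d12ad2b4c11e717e6720f15ee578de7ab065a56f",
        "sha256": "d78769b26e77516795f357967d1ebac5921db94f4a84185386672c550a498be6",
    },
}

ALGOS = ("md5", "sha1", "sha256")


def digests(data: bytes) -> dict:
    """md5/sha1/sha256 hex digests of a byte string (same fields as the report)."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def digests_of_file(path, chunk=1 << 20) -> dict:
    """Stream a file through all three hashes so large images are not read into memory."""
    hashers = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def match_iocs(computed: dict, iocs=REPORT_IOCS) -> list:
    """Return (report_name, [matching algorithms]) for every IOC entry hit.
    Each algorithm is compared independently, so an IOC set that lists only
    one hash type still matches, and a partial match is visible as such."""
    hits = []
    for name, known in iocs.items():
        algos = [a for a in known if a in computed and known[a] == computed[a]]
        if algos:
            hits.append((name, algos))
    return hits


def scan_directory(root) -> dict:
    """Walk a directory and map each matching file path to its IOC hits."""
    results = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            hits = match_iocs(digests_of_file(path))
            if hits:
                results[str(path)] = hits
    return results


if __name__ == "__main__":
    import sys

    for path, hits in scan_directory(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(path, hits)
```

Run it with a quarantine directory as the argument; a hit on the .img hashes means the original lure was recovered, a hit on the EXE hashes means the mounted image's payload was copied or executed from disk.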

Malware Config

Targets

    • Target

      INVOICE_.EXE

    • Size

      601KB

    • MD5

      505bfbffcb637df3a1f6fda75a35d488

    • SHA1

      d12ad2b4c11e717e6720f15ee578de7ab065a56f

    • SHA256

      d78769b26e77516795f357967d1ebac5921db94f4a84185386672c550a498be6

    • SHA512

      7f12883bd1767fcd8578ca9adc61a65886d4830955bb2d2e48306bb41cb42dfb241ebdd8a673586cd54ff49e7469db896d50f19ef4b2f1e57a5f1e40e407ef0c

    • SSDEEP

      12288:/yHaV/Oe9Dfw13SO7oMeK/6RSs3XFvKkA3BgfTQtGHDyKDcQR:/yFepYiOfsR3XFvqxUTQgHD

    Score
    7/10

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla. FileZilla keeps saved site credentials in sitemanager.xml and recentservers.xml under %APPDATA%\FileZilla, which is why these files are a standard infostealer target.

    • Reads user/profile data of local email clients

      Email clients store account settings and saved credentials on disk, where infostealers routinely harvest them.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved logins, cookies and autofill entries.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP. The request itself looks benign, so this is a weak indicator on its own; it becomes meaningful when the requesting process is one that also reads the credential stores above.

    • Suspicious use of SetThreadContext

      Rewriting another thread's context is the step that process hollowing and thread hijacking use to redirect execution into injected code. When a sandbox flags it, the credential-theft behaviour is typically performed by an injected payload, so the on-disk INVOICE_.EXE may be only a loader.
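The four file and network behaviours above can be turned into host-level detection logic. The following Python script is an added example, not part of the sandbox report: it classifies constructed Sysmon-style file-read and DNS events against the credential stores the report names (FileZilla, a Mozilla-based email client, Chromium and Firefox browsers), suppresses reads by the application that owns each store, and raises a verdict only when one process combines several categories with an external IP lookup. The IP-lookup host names are assumed examples; the report does not say which service the sample contacted. SetThreadContext is an API-level signal and is not visible in these event types, so it is left out.

```python
import re
from collections import defaultdict

# Constructed sample process path; the image name matches the report's second target.
SUSPECT = r"C:\Users\victim\AppData\Local\Temp\INVOICE_.EXE"

# Default on-disk locations of the credential stores the report's behaviours refer to.
CRED_STORES = {
    "ftp_client": re.compile(r"\\FileZilla\\(sitemanager|recentservers|filezilla)\.xml$", re.I),
    "email_client": re.compile(r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I),
    "browser": re.compile(
        r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$"
        r"|\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$",
        re.I,
    ),
}

# Processes that legitimately own each store; a read by them is not a finding.
STORE_OWNERS = {
    "ftp_client": {"filezilla.exe"},
    "email_client": {"thunderbird.exe"},
    "browser": {"chrome.exe", "msedge.exe", "firefox.exe"},
}

# Assumed examples of public IP-lookup services (the report does not name one).
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ip-api.com", "ipinfo.io"}


def classify(event):
    """Map one file_read or dns_query event to a behaviour category, or None."""
    image = event["image"].rsplit("\\", 1)[-1].lower()
    if event["type"] == "dns_query":
        return "ip_lookup" if event["target"].lower() in IP_LOOKUP_HOSTS else None
    if event["type"] == "file_read":
        for category, pattern in CRED_STORES.items():
            if pattern.search(event["target"]) and image not in STORE_OWNERS[category]:
                return category
    return None


def assess(events):
    """Aggregate categories per process image and attach a verdict.
    Only processes with at least one finding are returned."""
    found = defaultdict(set)
    for ev in events:
        cat = classify(ev)
        if cat:
            found[ev["image"]].add(cat)
    report = {}
    for image, cats in found.items():
        cred = cats - {"ip_lookup"}
        if len(cred) >= 2 and "ip_lookup" in cats:
            verdict = "likely infostealer"
        elif cred:
            verdict = "credential store access"
        else:
            verdict = "ip lookup only"
        report[image] = {"categories": sorted(cats), "verdict": verdict}
    return report


# Constructed events: the suspect touches all three store types and does an IP lookup;
# FileZilla reading its own config and explorer reading a document are benign noise.
SAMPLE_EVENTS = [
    {"image": SUSPECT, "type": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"image": SUSPECT, "type": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abcd1234.default\logins.json"},
    {"image": SUSPECT, "type": "file_read",
     "target": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"image": SUSPECT, "type": "dns_query", "target": "api.ipify.org"},
    {"image": r"C:\Program Files\FileZilla FTP Client\filezilla.exe", "type": "file_read",
     "target": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"image": r"C:\Windows\explorer.exe", "type": "file_read",
     "target": r"C:\Users\victim\Documents\notes.txt"},
]

if __name__ == "__main__":
    for image, result in assess(SAMPLE_EVENTS).items():
        print(image, result["verdict"], result["categories"])
```

The owner suppression is the part worth keeping when porting this to a SIEM: without it, every FileZilla or browser start fires the rule. The combined verdict mirrors the report's scoring, where no single behaviour is damning but the set together is.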

MITRE ATT&CK Enterprise v15

Tasks