3a7e9e3acce7084d991834a07d48907876ac05bfff985d1aa856f218d33c3f75 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

RFQ-IND23072113.rtf

windows7-x64

8

RFQ-IND23072113.rtf

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

Target

RFQ-IND23072113.doc
Size

1.5MB
Sample

230816-sdey2sdd8z
MD5

79c4c36735d3c657aebb38413b4d1983
SHA1

06c8bd4fc23c4d932cb9efe3ee3cf28d906e8490
SHA256

3a7e9e3acce7084d991834a07d48907876ac05bfff985d1aa856f218d33c3f75
SHA512

1e5672a23d0c7a08af79520eb3218bcd60b197f8d7acc4b4664f42b3270301223908e64f312a3becb87abe1c81412d8ccaff1708a0e346bc62742033ba5caf23
SSDEEP

24576:rOKXMxJ1yZTr0b0LxqvkC/99AqCo/ElrKHLaHwLZURyYf3jYVkXmeKBuG66RnAbg:Y

Score

8^/10

spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

RFQ-IND23072113.rtf

Resource

win7-20230712-en

spyware stealer

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

RFQ-IND23072113.rtf

Resource

win10v2004-20230703-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  RFQ-IND23072113.doc
- Size
  
  1.5MB
- MD5
  
  79c4c36735d3c657aebb38413b4d1983
- SHA1
  
  06c8bd4fc23c4d932cb9efe3ee3cf28d906e8490
- SHA256
  
  3a7e9e3acce7084d991834a07d48907876ac05bfff985d1aa856f218d33c3f75
- SHA512
  
  1e5672a23d0c7a08af79520eb3218bcd60b197f8d7acc4b4664f42b3270301223908e64f312a3becb87abe1c81412d8ccaff1708a0e346bc62742033ba5caf23
- SSDEEP
  
  24576:rOKXMxJ1yZTr0b0LxqvkC/99AqCo/ElrKHLaHwLZURyYf3jYVkXmeKBuG66RnAbg:Y
Score

8^/10

spyware stealer
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy