62acd79c7dc958a3c102375f30d0a16d1b0d6a838e5bc1e65ab00dbce32d717f | Triage

Submit
Reports

Overview

overview

7

Static

static

3

Payment invoice.exe

windows7-x64

7

Payment invoice.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

62acd79c7dc958a3c102375f30d0a16d1b0d6a838e5bc1e65ab00dbce32d717f_JC.rar
Size

617KB
Sample

230821-vys3hsef79
MD5

0281ec7f05443bc4a9f7361dc464d625
SHA1

ca7918fe8ff037cc2d585b9202bda5cbfe715854
SHA256

62acd79c7dc958a3c102375f30d0a16d1b0d6a838e5bc1e65ab00dbce32d717f
SHA512

0538880c93526c9b4a68e04b311f4484230ef953cc513b1d52d4282bae733ff5ea7b8cb88533e05e1f89068f36c3d4ec7cbf0213b256a008b4448fcf89b8d364
SSDEEP

12288:z1AlqyiihyDfHnDNOdOQVHx2E9av2Kq1fUsnypbbrpZ4uk9R3dfD:z1ACihyDHpAnb2E7VGV9kRfD

Score

7^/10

spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Payment invoice.exe

Resource

win7-20230712-en

spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payment invoice.exe

Resource

win10v2004-20230703-en

spyware stealer

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  Payment invoice.exe
- Size
  
  726KB
- MD5
  
  f7cf3d8ffbcb3969be7fb179bf6cc58b
- SHA1
  
  03c760138144fb6ef7e6925f86cc5113e3725aff
- SHA256
  
  b8bfa96db841cb95723f5f8645e58d69ca63ecab0cdd50d08ebeb864ec66ae61
- SHA512
  
  dff0558dc60489c0fe13f88863c1e362af0542f676b4b7d826a4a7a315376b4033daff9f1a4196dc50b0692556bbc1afc45e7ad694f31479add78cc6aa9229ef
- SSDEEP
  
  12288:j2iNsXDl+CEaJmZNGjeDDkXqmBjTZRtcwWgemyt9+p0jEj:j1g7uNK/xQmDaY0o
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy