27b0811f1a22296d17285add8557ce3fbfd823f9de7e20cbccc55908d514eeea | Triage

Submit
Reports

Overview

overview

7

Static

static

3

Payment Co...df.exe

windows7-x64

7

Payment Co...df.exe

windows10-2004-x64

7

Sharing

General

Target

Payment Confirmation Copy Euro 76,853.61.pdf.exe
Size

1.0MB
Sample

230822-hcb6naad88
MD5

7d376759740184c6feaa54d14329dd9a
SHA1

c2fc8cea39ffcd30bc574de61eb319e400f73c91
SHA256

27b0811f1a22296d17285add8557ce3fbfd823f9de7e20cbccc55908d514eeea
SHA512

28e9c14753fe4f43bb8ecbe984335aa25f9a639e8279c96d0ba39e5b3c617a1fb552c22f45b28335276e63c30693c402256ae7fc184ee9f9d073d607992b7037
SSDEEP

24576:RSwlCe9qhJYloDnvJwd4gapZKV0/vZtfBPuV6KIu8VPQ:nlCe9qhJYCDnhwdf0ZKCnZ1BPyCu8

Score

7^/10

spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Payment Confirmation Copy Euro 76,853.61.pdf.exe

Resource

win7-20230712-en

spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payment Confirmation Copy Euro 76,853.61.pdf.exe

Resource

win10v2004-20230703-en

spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  Payment Confirmation Copy Euro 76,853.61.pdf.exe
- Size
  
  1.0MB
- MD5
  
  7d376759740184c6feaa54d14329dd9a
- SHA1
  
  c2fc8cea39ffcd30bc574de61eb319e400f73c91
- SHA256
  
  27b0811f1a22296d17285add8557ce3fbfd823f9de7e20cbccc55908d514eeea
- SHA512
  
  28e9c14753fe4f43bb8ecbe984335aa25f9a639e8279c96d0ba39e5b3c617a1fb552c22f45b28335276e63c30693c402256ae7fc184ee9f9d073d607992b7037
- SSDEEP
  
  24576:RSwlCe9qhJYloDnvJwd4gapZKV0/vZtfBPuV6KIu8VPQ:nlCe9qhJYCDnhwdf0ZKCnZ1BPyCu8
Score

7^/10

spyware stealer
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy