9cb661b1f78cf3ceac3180905e15fb7d2b38e8e4c3f75acedff622aff845a449 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

mkhg_EPC TENDER.zip
Size

339KB
Sample

230922-q9pf9aac84
MD5

ba41506e01c59c6bb67dcefb23b8123c
SHA1

9f6753f9f4d9878679984510bbdc9409b9083b62
SHA256

9cb661b1f78cf3ceac3180905e15fb7d2b38e8e4c3f75acedff622aff845a449
SHA512

59f67307378726e49d92d38cfe72e4ccd86903da7af27e00337a4ae89eb67ae74cef830338c5ea273b6c0ea1d786ca19507536c89770f23b0b1aa7d9c69fbbc3
SSDEEP

6144:/EMM4G/VF/rZpTlzstH8Xk8pJmmiUD0Dh0FhHIWGofPjEm6vl:8MM4GL1pTlYtH8Bz/CWFhQG7DI

Score

8^/10

spyware stealer

Malware Config

Targets

- Target
  
  EPC TENDER.exe
- Size
  
  353KB
- MD5
  
  4adea75a0a74085c78eb9b667a3ca9c3
- SHA1
  
  80c4633294d2050babdf4d3b90cce50116cda2d2
- SHA256
  
  e7839904b99e328161d7f123988533690004fc14425322a8e34dbc5893f0b92a
- SHA512
  
  e05682cd4eca052af828175505bb2a269202d65ac1fa39c8a5076c2bdc83116d1c654b0f5dde1e9f47809b3e0cb973164e18145c2448938e5e354ed5a4f5cb82
- SSDEEP
  
  6144:vYa6NhdtFxrZpTlHstH8Xk8pHwmiUD0DH0FhHIWGofrjEmxvB:vYLrrjpTlMtH8BV5QUFhQG/Dv
Score

8^/10

spyware stealer
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2