1da8fcc32f4f2d3b8752597285db545de098467244270a7ebb54dae559bbdb01 | Triage

Sharing

General

Target

07102023_1027_06102023_PO#206,pdf.gz
Size

619KB
Sample

231007-cxffxsbb59
MD5

22bd2cddb2871a339c37ab3421788192
SHA1

03d058e718654b88c206de07878c9a1d16cce4db
SHA256

1da8fcc32f4f2d3b8752597285db545de098467244270a7ebb54dae559bbdb01
SHA512

0d75e33a93ceaa8dcbcbc2606c20e1229a2ee0b313a20048358e4f09fb73a8f1fc56ffe8d7ae7945241eae6838406744cab81c17785a27e6dec921c991908939
SSDEEP

12288:IevEXZrtMoqMGjqyW21gfNaTNtSZYtFwXTPqg46+So5VU3fffykf2VAPeu:ICOZJMoq5WnFaTLwjVJor62Voeu

Score

10^/10

spyware stealer

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.mehraeinpars.com
Port:
587
Username:
[email protected]
Password:
Mohsen1368

Targets

- Target
  
  PO#206.bat
- Size
  
  670KB
- MD5
  
  71a5e9765d21f44be67c03f5d9b474ac
- SHA1
  
  1b661b94b79e92430b140c6b92c8355b000523f0
- SHA256
  
  3e8dfaa2f6b9fae6821d6511889fe782894229b4c5764aed287efacc821c03dc
- SHA512
  
  812f30d60ddbe3dbcb15efef9aa45e73456f8bf70348d87c229a5c3e1bd6b882ea8b005424d90e0a9b9a9cac91bcaabd6d1dfc00f54f5b4e0cd4709a540f1d9f
- SSDEEP
  
  12288:Pic7s9KwTGC4LDETgleyWIHKfNaJNfSZYtDwthPyg4K+6EsGyscS:Pic7s9KwuhWpFaJNw/7nEsGP
Score

10^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2