Overview

overview

7

Static

static

3

Invoice.exe

windows7-x64

7

Invoice.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    Invoice.arj

  • Size

    627KB

  • Sample

    231011-k7cf1sdc4x

  • MD5

    82455a86364b6964b40305de26fcdf72

  • SHA1

    765de6f3161d5a5bbd6bdb3ea894240776d959c9

  • SHA256

    2be6bc35aead5478989067c24faa55a526fd50963397d2670877a386081d4190

  • SHA512

    3782c2c669f66c784012611d8df9fc1d753ca6c5ba679da6c69da5a655544b88e142ce21e19dec8d088a6283e2eb129b1fb9e73ecda21d4be3d1820ccce64ebf

  • SSDEEP

    12288:JnnQioEIjo1A7tj6veW3Wb8wOWROp9tRuUiL8nB0OMFqeCargF:JQio8A7sesW6WMpKgiOMPlrgF

Score
7/10
collectionspywarestealer

Malware Config

Targets

    • Target

      Invoice.exe

    • Size

      739KB

    • MD5

      84a3a971240a404f4e027ef8bcb537e0

    • SHA1

      191d6a666bfd500c9e4395dba6df0d31e5ef758d

    • SHA256

      c9ac4b57ab197ca158d440ad01a7c6eb3c70649d29df5f0bf51d71f8acbaad41

    • SHA512

      289419e270a1da517e487801113e0828a29606ddf5bbf2e1963f90afc138fe4217707b6fa85405f5fa5f3fedcc65381cf291047c02ee85e187972bac08deca48

    • SSDEEP

      12288:2J0WWObW8TL+hgRI46ctpJm7at6lehyTB3y8MTV3k/2ohUZGdf6yYXl2W:B45TL+SL6cpqshyRKpU/TUWf6yel2

    Score
    7/10
    collectionspywarestealer

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks