General

  • Target

    COTIZACION.exe

  • Size

    892KB

  • Sample

    231011-t21fbsca35

  • MD5

    5472bdb4a19f4aeb9a21f8d29e007a4d

  • SHA1

    e62603099d80858b883e03bcb382d6ebc7c1b465

  • SHA256

    1890dfadf428c5c686f1166c360cf2a49c15ee73d32a35af1e76dff9efc155d3

  • SHA512

    f87eb8dc2047d404fedb1fc3bfbdc6bb9a903145c381a2a7729282655e3192c8a7d3ee4054f34699d1b3257424ae993004ec2d42a8ada7ef487b993d3121e151

  • SSDEEP

    24576:QztUdbCkAEca3MW6PiAItmndz7JELoiRBlRpE:Q5IMW6WtSB1E0iRB7pE

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.grupoasiste.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    3xa!sC56b!w6PgF

Targets

    • Target

      COTIZACION.exe

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store account settings and saved credentials on disk, where infostealers routinely target them.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and session cookies.

    • Suspicious use of SetThreadContext

      SetThreadContext lets a process rewrite another thread's register state, including the instruction pointer; malware uses it to redirect a suspended thread in a newly spawned or hollowed process into injected code.
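
The extracted SMTP configuration and the file-access signatures above translate directly into hunting logic. The following is an added example, not part of the sandbox output: it takes the exfiltration host and port from the Extracted Credentials block and flags (a) endpoint connections to that server, plus any SMTP submission on port 587 from a process that is not a mail client, and (b) reads of FileZilla, browser and mail-client credential stores by processes that do not own them. The store paths are the well-known default locations for those applications (assumption: default Windows profile layout); the event records and connection records are constructed for the example and mimic EDR/Sysmon-style telemetry rather than any particular product's schema.

```python
"""Hunting logic derived from this report's indicators (added example)."""
import re
from dataclasses import dataclass

# From the report's "Extracted Credentials" block: the SMTP server the sample
# submits stolen data to.
SMTP_HOST = "mail.grupoasiste.com"
SMTP_PORT = 587

# Credential stores the report's signatures describe. Each regex matches the tail
# of a Windows path (assumption: default profile layout for each application).
CRED_STORE_PATTERNS = [
    (re.compile(r"\\FileZilla\\(sitemanager|recentservers)\.xml$", re.I), "FileZilla"),
    (re.compile(r"\\(Login Data|Web Data|Cookies)$", re.I), "Chromium browser"),
    (re.compile(r"\\(logins\.json|key4\.db|signons\.sqlite)$", re.I), "Mozilla (Firefox/Thunderbird)"),
    (re.compile(r"\\Outlook\\.*\.(pst|ost)$", re.I), "Outlook"),
]
# Processes expected to touch each store; any other reader is suspicious.
LEGIT_OWNERS = {
    "FileZilla": {"filezilla.exe"},
    "Chromium browser": {"chrome.exe", "msedge.exe", "brave.exe"},
    "Mozilla (Firefox/Thunderbird)": {"firefox.exe", "thunderbird.exe"},
    "Outlook": {"outlook.exe"},
}
# Processes expected to speak SMTP submission (587) at all.
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


@dataclass
class Finding:
    host: str
    process: str
    reason: str


def _basename(image: str) -> str:
    return image.rsplit("\\", 1)[-1].lower()


def flag_credential_store_access(events):
    """events: dicts {host, image, target}. Flag credential-store reads by non-owner processes."""
    findings = []
    for ev in events:
        proc = _basename(ev["image"])
        for pattern, store in CRED_STORE_PATTERNS:
            if pattern.search(ev["target"]) and proc not in LEGIT_OWNERS[store]:
                findings.append(Finding(ev["host"], proc, f"{store} store read: {ev['target']}"))
    return findings


def flag_smtp_exfil(conns):
    """conns: dicts {host, image, dst, dport}. Flag connections to the extracted exfil
    server, and SMTP submission from processes that are not mail clients."""
    findings = []
    for c in conns:
        proc = _basename(c["image"])
        if c["dst"].lower() == SMTP_HOST and c["dport"] == SMTP_PORT:
            findings.append(Finding(c["host"], proc,
                                    f"connection to extracted exfil server {SMTP_HOST}:{SMTP_PORT}"))
        elif c["dport"] == SMTP_PORT and proc not in MAIL_CLIENTS:
            findings.append(Finding(c["host"], proc,
                                    f"SMTP submission to {c['dst']} from non-mail-client process"))
    return findings


# Constructed sample telemetry (not real logs); the first two file events and the
# first connection mirror what the signatures above describe for COTIZACION.exe.
SAMPLE_FILE_EVENTS = [
    {"host": "WS01", "image": r"C:\Users\ana\Downloads\COTIZACION.exe",
     "target": r"C:\Users\ana\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"host": "WS01", "image": r"C:\Users\ana\Downloads\COTIZACION.exe",
     "target": r"C:\Users\ana\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"host": "WS01", "image": r"C:\Program Files\FileZilla FTP Client\filezilla.exe",
     "target": r"C:\Users\ana\AppData\Roaming\FileZilla\sitemanager.xml"},  # legitimate owner
    {"host": "WS01", "image": r"C:\Users\ana\Downloads\COTIZACION.exe",
     "target": r"C:\Users\ana\Documents\quote.pdf"},  # not a credential store
]
SAMPLE_CONNS = [
    {"host": "WS01", "image": r"C:\Users\ana\Downloads\COTIZACION.exe",
     "dst": "mail.grupoasiste.com", "dport": 587},
    {"host": "WS02", "image": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "dst": "smtp.office365.com", "dport": 587},  # expected mail client
    {"host": "WS03", "image": r"C:\Windows\System32\svchost.exe",
     "dst": "smtp.example.net", "dport": 587},  # unexpected SMTP client
]

if __name__ == "__main__":
    for f in flag_credential_store_access(SAMPLE_FILE_EVENTS) + flag_smtp_exfil(SAMPLE_CONNS):
        print(f"{f.host}: {f.process}: {f.reason}")
```

The host-side check catches the behaviour regardless of the exfil server, which matters because infostealer builds are typically recompiled with fresh SMTP accounts; the network-side host/port match is the quick retro-hunt for this specific sample.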

MITRE ATT&CK Enterprise v15