General

  • Target

    ffdac5a377791514ae4ed688f3c18f6389f6ff6f6e5214aaee798214139998a5

  • Size

    622KB

  • Sample

    231226-b4mm5scdek

  • MD5

    7207afefdf37de4c4fbfe4a231e26dbe

  • SHA1

    de49f4b172a7e01b28f1886e97c38c261ff68e42

  • SHA256

    ffdac5a377791514ae4ed688f3c18f6389f6ff6f6e5214aaee798214139998a5

  • SHA512

    1e051f4ede2875fc2fa83656ae6e25190f33572f2461bc985396d976be93d7989cff02f2159909d09589a270475ff7f42264d0047fb42d11338ae5a7a8eac495

  • SSDEEP

    12288:7CNjkd+kCsUgLLryTF74d4UHC1ctVhdEbWR9rXoGgwn+qJkrHponpREBjc4I:mnkCfgzyTDUicbhlR1oQRkFanExI

Score
7/10

Malware Config

Targets

    • Target

      New Shipment_ Adv. Rv-Qm568000000.exe

    • Size

      867KB

    • MD5

      fd7cfdfeaf57a1b11b2d78d47f75e570

    • SHA1

      350256377cd5cca2f612a4cc85bac6792b92ea98

    • SHA256

      36324286b61f333964ef0c5ae8ef3fbf326e2ba3cb24f77c1a9e2b756841d412

    • SHA512

      040ffc75807e88bd991b0b42727ed7cbced869f34cac1e9857b9b28925ccc294bdf86f45238522f0344c0b1d9d80d3472f24a06c20e3de7123995bfdd157b57a

    • SSDEEP

      12288:LoBi+5tRXUVUpWg7RQQRlzIWvpd21Ce3VZ+WKNPW0hTF8TS+ujfwk:LD+5ttb7RplU8pd21Cq4dNPW0Vimjj

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data such as saved credentials, cookies and session tokens.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the registers of a (usually suspended) thread so that it resumes at attacker-chosen code; this is a standard step in process hollowing and other code-injection techniques.
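
The three behaviour signatures above can be reproduced over a sandbox API-call trace. The following Python is an added example, not code from the report or from the sandbox that produced it: the trace format (`<pid> <api>(<args>)`), the trace lines themselves, and the exact registry values, browser file names and call sequence used as indicators are all assumptions made for the example. In particular, the SetThreadContext check is stricter than the report's "suspicious use" signature: it only fires on the full hollowing chain (suspended create, remote write, SetThreadContext, resume) from one process.

```python
"""Triage three behaviour signatures over a constructed API-call trace."""
import re
from typing import Dict, List, Tuple

Call = Tuple[int, str, str]  # (pid, api name, argument string)

# Constructed trace (assumed format "<pid> <api>(<args>)"); not from the report.
SAMPLE_TRACE = """\
1234 NtOpenKey(HKEY_CURRENT_USER\\Control Panel\\International)
1234 NtQueryValueKey(sCountry)
1234 GetUserGeoID(GEOCLASS_NATION)
1234 NtCreateFile(C:\\Users\\victim\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data)
1234 NtCreateFile(C:\\Users\\victim\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\abc.default\\logins.json)
1234 CreateProcessW(C:\\Windows\\System32\\svchost.exe, CREATE_SUSPENDED)
1234 NtUnmapViewOfSection(pid=5678)
1234 WriteProcessMemory(pid=5678)
1234 SetThreadContext(tid=5679)
1234 NtResumeThread(tid=5679)
"""

# Constructed benign trace: a debugger-style SetThreadContext with no hollowing chain.
BENIGN_TRACE = """\
4321 OpenThread(tid=99)
4321 GetThreadContext(tid=99)
4321 SetThreadContext(tid=99)
4321 ResumeThread(tid=99)
"""

# Locale-lookup indicators (assumed; the report does not list what its signature matches).
GEO_APIS = {"GetUserGeoID", "GetUserDefaultGeoName", "GetLocaleInfoW", "GetLocaleInfoEx"}
GEO_REG_KEY = r"control panel\international"
GEO_REG_VALUES = {"scountry", "icountry", "localename", "nation"}

# Chromium and Firefox credential/cookie stores (assumed indicator set).
BROWSER_FILES = {"login data", "cookies", "web data", "logins.json", "key4.db", "cookies.sqlite"}
FILE_APIS = {"NtCreateFile", "NtOpenFile", "CreateFileW", "CopyFileW"}

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)\s*$")


def parse_trace(text: str) -> List[Call]:
    """Parse trace lines into (pid, api, args); lines that do not match are skipped."""
    calls: List[Call] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            calls.append((int(m["pid"]), m["api"], m["args"]))
    return calls


def checks_location(calls: List[Call]) -> bool:
    """Geo API call, or a read of a country value after opening Control Panel\\International."""
    opened_intl = False
    for _, api, args in calls:
        if api in GEO_APIS:
            return True
        a = args.strip().lower()
        if api.endswith("OpenKey") and GEO_REG_KEY in a:
            opened_intl = True
        elif opened_intl and api.endswith("QueryValueKey") and a in GEO_REG_VALUES:
            return True
    return False


def reads_browser_data(calls: List[Call]) -> List[str]:
    """Return paths of browser credential/cookie stores the sample opened."""
    hits: List[str] = []
    for _, api, args in calls:
        if api in FILE_APIS:
            path = args.split(",")[0].strip()
            name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
            if name in BROWSER_FILES:
                hits.append(path)
    return hits


def hollowing_chain(calls: List[Call]) -> bool:
    """True when one pid does suspended-create, remote write, SetThreadContext, resume, in order."""
    progress: Dict[int, int] = {}
    for pid, api, args in calls:
        step = progress.get(pid, 0)
        if step == 0 and api.startswith("CreateProcess") and "CREATE_SUSPENDED" in args:
            progress[pid] = 1
        elif step == 1 and api in ("WriteProcessMemory", "NtWriteVirtualMemory"):
            progress[pid] = 2
        elif step == 2 and api in ("SetThreadContext", "NtSetContextThread"):
            progress[pid] = 3
        elif step == 3 and api in ("ResumeThread", "NtResumeThread"):
            return True
    return False


def triage(trace: str) -> Dict[str, object]:
    """Map each report signature name to its result for the given trace."""
    calls = parse_trace(trace)
    return {
        "Checks computer location settings": checks_location(calls),
        "Reads user/profile data of web browsers": reads_browser_data(calls),
        "Suspicious use of SetThreadContext": hollowing_chain(calls),
    }


if __name__ == "__main__":
    for name, result in triage(SAMPLE_TRACE).items():
        print(f"{name}: {result}")
```

Run against a real sandbox export, the parser is the part to adapt: most tools emit JSON rather than the one-line form assumed here, but the per-signature checks only need (pid, api, args) tuples.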

MITRE ATT&CK Enterprise v15

Tasks