Overview

overview

10

Static

static

1

Book_PDF_a...32.hta

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Book_PDF_a4_id_456543243432.hta

  • Size

    46KB

  • Sample

    240419-v4kckaag36

  • MD5

    5fbdd6357b961e941acd3c06ba2e867e

  • SHA1

    ac1f9b5ffd9c6fa8790bf235f73bd53f699c527b

  • SHA256

    f135e8b3678ef36330cc8e8f1986cf40d83fb4159c8d5363ba44b78d14f85f17

  • SHA512

    c63211263355c854c19964c37cd9857e08a90a694e087bfe6e5c1d35cc579ae75b9e5c5279172c8b24ce925a3476408ded33a32d09f7cc5b820e0cbd1dbb2907

  • SSDEEP

    768:2bang59+ttT+fEV8yEH445wBodvJdgg6i1UY8o53YH:2baXLWEXEp5wcdgziK/H

Score
10/10
spywarestealer

Malware Config

Targets

    • Target

      Book_PDF_a4_id_456543243432.hta

    • Size

      46KB

    • MD5

      5fbdd6357b961e941acd3c06ba2e867e

    • SHA1

      ac1f9b5ffd9c6fa8790bf235f73bd53f699c527b

    • SHA256

      f135e8b3678ef36330cc8e8f1986cf40d83fb4159c8d5363ba44b78d14f85f17

    • SHA512

      c63211263355c854c19964c37cd9857e08a90a694e087bfe6e5c1d35cc579ae75b9e5c5279172c8b24ce925a3476408ded33a32d09f7cc5b820e0cbd1dbb2907

    • SSDEEP

      768:2bang59+ttT+fEV8yEH445wBodvJdgg6i1UY8o53YH:2baXLWEXEp5wcdgziK/H

    Score
    10/10
    spywarestealer

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks