Overview

overview

7

Static

static

1

RW-TS-Paym...81.exe

windows7-x64

1

RW-TS-Paym...81.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RW-TS-Payment204_A3084_04893_D4084_Y5902_CE3018_S4081_W30981.exe

  • Size

    654KB

  • Sample

    240703-n9qm7sshje

  • MD5

    a9c58121c9cd1568a44acaba531823e0

  • SHA1

    8d60d577bad58094d3674d4a34f8d5d68d5d3ab9

  • SHA256

    ca9290e039e90f5b8c5b028f2153aec63e715ece4f200fc4fb5e06da5c865aa2

  • SHA512

    94ee39a5adfae346d78c85b13757d6e60a9cf14c537c02d2bdb36461d704c2ac1eb9a90e1fcc1741792085dd7a0beaa125ca26b95c5c7c6cfbe4cac6704d5789

  • SSDEEP

    12288:jITPVidCQdvxPR8dwceN6Ckn/q3m2Ta0O+P:jITuvxPR8acq6C0/Y/e0Og

Score
7/10
collectionspywarestealer

Malware Config

Targets

    • Target

      RW-TS-Payment204_A3084_04893_D4084_Y5902_CE3018_S4081_W30981.exe

    • Size

      654KB

    • MD5

      a9c58121c9cd1568a44acaba531823e0

    • SHA1

      8d60d577bad58094d3674d4a34f8d5d68d5d3ab9

    • SHA256

      ca9290e039e90f5b8c5b028f2153aec63e715ece4f200fc4fb5e06da5c865aa2

    • SHA512

      94ee39a5adfae346d78c85b13757d6e60a9cf14c537c02d2bdb36461d704c2ac1eb9a90e1fcc1741792085dd7a0beaa125ca26b95c5c7c6cfbe4cac6704d5789

    • SSDEEP

      12288:jITPVidCQdvxPR8dwceN6Ckn/q3m2Ta0O+P:jITuvxPR8acq6C0/Y/e0Og

    Score
    7/10
    collectionspywarestealer

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks