Overview

overview

7

Static

static

3

Pillager32.exe

windows7-x64

7

Pillager32.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    Pillager32.exe

  • Size

    132KB

  • Sample

    240710-rz5k6atbrr

  • MD5

    d50a3bd841116bf8e7b37268a56a5caf

  • SHA1

    5dc5570a6c04a08cda97d61f330e8360f001a38e

  • SHA256

    367fd40edb75d6ae96ab9337a0688a0c710520b8e9687ad3b69863f93375e0f9

  • SHA512

    9448b9e034693d793df31d00bf1ce662743230ec42a68b794a411a7ddfbc58c4dc2cf85715c0fc2ffa0c7cc294d53d2d8887da9b651411ec0ecd4b3290cc0ce3

  • SSDEEP

    3072:2XGBC/lW8eCQUoGiFffkqlNyqrH5JUWsv4D6wN9l+:A/lWFLUoG+Iqr7Ug9l

Score
7/10
collectiondiscoveryspywarestealer

Malware Config

Targets

    • Target

      Pillager32.exe

    • Size

      132KB

    • MD5

      d50a3bd841116bf8e7b37268a56a5caf

    • SHA1

      5dc5570a6c04a08cda97d61f330e8360f001a38e

    • SHA256

      367fd40edb75d6ae96ab9337a0688a0c710520b8e9687ad3b69863f93375e0f9

    • SHA512

      9448b9e034693d793df31d00bf1ce662743230ec42a68b794a411a7ddfbc58c4dc2cf85715c0fc2ffa0c7cc294d53d2d8887da9b651411ec0ecd4b3290cc0ce3

    • SSDEEP

      3072:2XGBC/lW8eCQUoGiFffkqlNyqrH5JUWsv4D6wN9l+:A/lWFLUoG+Iqr7Ug9l

    Score
    7/10
    collectiondiscoveryspywarestealer

    • Reads WinSCP keys stored on the system

      Tries to access WinSCP stored sessions.

      spywarestealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks