General

  • Target

    Our Ref 4004986984.exe

  • Size

    1.2MB

  • Sample

    240814-qsynlavcqe

  • MD5

    30d77def02eb2b3eab84bb0b29c937d7

  • SHA1

    3dcb76d2b4696e2ab9c74525bf896f619465eadf

  • SHA256

    aac06648da594e367dc05c913263c6e07dd04807a3c9fb3259e76643fd79e0a0

  • SHA512

    9316919a068f9c5b5ca593daff7776017404715809d5883d50eee8ea134e2b8a46f71303bb6b7019141389fb1b6818a903a104368ef4c935cc6de4de111f416c

  • SSDEEP

    24576:EqDEvCTbMWu7rQYlBQcBiT6rprG8avT4znxKL1eqvZaN:ETvC/MTQYxsWR7aL4zxKL1eKa

Malware Config

Targets

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, the web browser credential store.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks