General

  • Target

    c5f05de51de93cda05d218a60dd34c4d_JaffaCakes118

  • Size

    276KB

  • Sample

    240827-3ld2tsxbjd

  • MD5

    c5f05de51de93cda05d218a60dd34c4d

  • SHA1

    ff21a34f17713d06c8d786043f8c01ff1a3e5419

  • SHA256

    37f75faf90e40a3a976b7f9282b940ae2ca00329b52b1272679c6a4ad41a6270

  • SHA512

    a2830384ce6634b20baa0ccf97507d57c5a70072630363d844af0b5ecc377d11429e892a2726569cb64ef7127bed144da404cbfe0242c084f70ec619b450967f

  • SSDEEP

    6144:OCI5O1r7KU59Gc5r/fx1tpATl3DtlqtusQVjsAzpHW3cf6TucjjBbuM:O/A9L5Dx1wTtHfnpHtSTugBiM

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    mail.sapgroup.com.pk
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    moin@26919

Targets

    • Target

      DHl Delivery reciept.exe

    • Size

      624KB

    • MD5

      2cfdae4ee4082225277048a7735c1561

    • SHA1

      da23e01a6e02dddfcd7a52b3822c28c5b16aafc2

    • SHA256

      8243c8a72e7a2021b4d956f5dafc19ded0162e9eb99f158f8da83660ea9368b5

    • SHA512

      764946c9a353ab7b4a71376efbfe143deaedfb753b6cf98489761b6fab442a79d07ef9b2e030f93f9bd9a3f7be7a65695e61f015da093dccfed8278be87df14a

    • SSDEEP

      12288:9+p7p8KESESHe4/gD6WDSqWl/LDGTGM5irKnPkVB:UtRES4DBSq2KG2bPkVB

    • 404 Keylogger

      Information stealer and keylogger first seen in 2019.

    • 404 Keylogger Main Executable

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses Microsoft Outlook profiles

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks