General
-
Target
Notification_of_Salary_Reduction_of_2000_Rupees.rar
-
Size
354KB
-
Sample
241009-k82gjaxeka
-
MD5
9494a6a1b16af8d8b112eb50dba615a3
-
SHA1
09679d266daf9eb330c104f0a1d3a000e5b1b50a
-
SHA256
75196f1b6e910108d8c56a6d0be12a2eca12903829c2197d18f16e0291484f36
-
SHA512
19fcfec0f023ae2aa10d03c9bb673980ba58b2b6ed903a32473b825fcb67b2dfbb2af182ed6abbb06f2fcf898cfaec92bd0c89c8d5e8a4e7dc490e352dcce62d
-
SSDEEP
6144:sy4zNpA3wRAtDlNRR7yUEzLu/SAI8vxlF5K5Hcnyi7iROB37GM47hcyeF5w93yxp:yw3eIICzIyxlqHcnyi7wu9yeF5yCQWso
Malware Config
Targets
-
-
Target
Notification_of_Salary_Reduction_of_2000_Rupees.rar
-
Size
354KB
-
MD5
9494a6a1b16af8d8b112eb50dba615a3
-
SHA1
09679d266daf9eb330c104f0a1d3a000e5b1b50a
-
SHA256
75196f1b6e910108d8c56a6d0be12a2eca12903829c2197d18f16e0291484f36
-
SHA512
19fcfec0f023ae2aa10d03c9bb673980ba58b2b6ed903a32473b825fcb67b2dfbb2af182ed6abbb06f2fcf898cfaec92bd0c89c8d5e8a4e7dc490e352dcce62d
-
SSDEEP
6144:sy4zNpA3wRAtDlNRR7yUEzLu/SAI8vxlF5K5Hcnyi7iROB37GM47hcyeF5w93yxp:yw3eIICzIyxlqHcnyi7wu9yeF5yCQWso
Score7/10-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of local email clients
Email clients store some user data on disk where infostealers will often target it.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2