Overview

overview

10

Static

static

96ebfeda20...c8.exe

windows7_x64

7

96ebfeda20...c8.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    96ebfeda206db9a5c24bf41c01a6c6c8.exe

  • Size

    446KB

  • Sample

    200629-6hc5ajn4ys

  • MD5

    96ebfeda206db9a5c24bf41c01a6c6c8

  • SHA1

    5cc7a9f01e26170e3864bf0c0b922ce8324aedad

  • SHA256

    94750c2deb968fcc6fa8df8438ec67e6fc4075503136b83883ca29b163559597

  • SHA512

    48e2349366e4f620eac07545d35adf41ad10ae55305c5daa5174b396d3e371fce7565288d1b1a71d55fddd84a4a9f888f127d34b248435dd906222194d4d7932

Score
10/10
spyware

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    secretary.cashier@yandex.com
  • Password:
    09021112146

Targets

    • Target

      96ebfeda206db9a5c24bf41c01a6c6c8.exe

    • Size

      446KB

    • MD5

      96ebfeda206db9a5c24bf41c01a6c6c8

    • SHA1

      5cc7a9f01e26170e3864bf0c0b922ce8324aedad

    • SHA256

      94750c2deb968fcc6fa8df8438ec67e6fc4075503136b83883ca29b163559597

    • SHA512

      48e2349366e4f620eac07545d35adf41ad10ae55305c5daa5174b396d3e371fce7565288d1b1a71d55fddd84a4a9f888f127d34b248435dd906222194d4d7932

    Score
    10/10
    spyware

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

      spyware

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

      spyware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks