General

  • Target: img0000.exe
  • Size: 791KB
  • Sample: 200629-m7frmlwdqe
  • MD5: 4568b4a2d628d2720f895540074cef01
  • SHA1: cc3c47d8c32f64aadca92c32cf4fb2f96f41d596
  • SHA256: 1e6d5a6bbf1f99d4fa6407fa70c5efbed9a7cd1486085c4bb6b213753bb0dbfe
  • SHA512: 5db2ad427298ab65ba051019bf0610e9ea5749084556137e1d6d206e777cb107c0d069547dd4c398d337c29ddb6ae40b48787710cff2cde5a1cdb4ce377b51ec
  • Score: 7/10

Targets

    • Reads data files stored by FTP clients: tries to access configuration files associated with programs such as FileZilla.
    • Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                Technique               Count  ID
  Execution             Scheduled Task          1      T1053
  Persistence           Scheduled Task          1      T1053
  Privilege Escalation  Scheduled Task          1      T1053
  Credential Access     Credentials in Files    3      T1081
  Collection            Data from Local System  3      T1005
