5daf575c05c6ce4dbd7262850d5031810445a93f11ee3e29357c8eed4c9271e9 | Triage

Sharing

General

Target

ORDINE 2848 300620 OP 1 PRENOTAZIONE SCARICO.exe
Size

501KB
Sample

200630-6bhcd2mlge
MD5

0485f54184da61a8f5dd490c21928b21
SHA1

c860935690c8a9fb08413c36f5f27e06255dd686
SHA256

5daf575c05c6ce4dbd7262850d5031810445a93f11ee3e29357c8eed4c9271e9
SHA512

2112abe8d2a2dd0a747dcb2d957f58f355cabd249ff79ae9ebed6a0ae9d952cbcac4979663703d2d428b76c628fbf01a28f39d9839ac2f034a90b044d256de57

Score

7^/10

spyware

Malware Config

Targets

- Target
  
  ORDINE 2848 300620 OP 1 PRENOTAZIONE SCARICO.exe
- Size
  
  501KB
- MD5
  
  0485f54184da61a8f5dd490c21928b21
- SHA1
  
  c860935690c8a9fb08413c36f5f27e06255dd686
- SHA256
  
  5daf575c05c6ce4dbd7262850d5031810445a93f11ee3e29357c8eed4c9271e9
- SHA512
  
  2112abe8d2a2dd0a747dcb2d957f58f355cabd249ff79ae9ebed6a0ae9d952cbcac4979663703d2d428b76c628fbf01a28f39d9839ac2f034a90b044d256de57
Score

7^/10

spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2