General

  • Target

    dhl_customers_form_pdf.exe

  • Size

    1006KB

  • Sample

    200630-91w66917cj

  • MD5

    fd847645836a66a79e9158f45f863edd

  • SHA1

    d2ea031d7928e421d57925c0e4108051d7d1d652

  • SHA256

    862376a9e48e0c84820bfd7b013cb14f9e2a41151785f3558e7912e2e8041d39

  • SHA512

    7374d9351f5e3940dfa63b9019275359ccf52666f182072624adb1ae60302e22bae2c66dd63107128cc63229a83f62dfb1afc648918836a50f56fb5cc2589999

Score
8/10
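To check a suspect file against the hash indicators listed above, here is an added example (not part of the sandbox report) that computes all four digests in one streamed pass and states whether the file matches the report's IOCs fully, partially, or not at all. The hash values are the ones from this report; the file path argument and the verdict labels are this example's own.

```python
"""Added example: match a file against the hash IOCs in the report above."""
import hashlib
import io
from typing import BinaryIO, Dict, Set, Union

# Indicators copied from the report for dhl_customers_form_pdf.exe.
REPORT_IOCS: Dict[str, str] = {
    "md5": "fd847645836a66a79e9158f45f863edd",
    "sha1": "d2ea031d7928e421d57925c0e4108051d7d1d652",
    "sha256": "862376a9e48e0c84820bfd7b013cb14f9e2a41151785f3558e7912e2e8041d39",
    "sha512": "7374d9351f5e3940dfa63b9019275359ccf52666f182072624adb1ae60302e22"
              "bae2c66dd63107128cc63229a83f62dfb1afc648918836a50f56fb5cc2589999",
}

CHUNK_SIZE = 1 << 20  # 1 MiB reads: large samples never have to fit in memory


def multi_hash(data: Union[bytes, BinaryIO]) -> Dict[str, str]:
    """Return md5/sha1/sha256/sha512 hex digests, reading the input only once."""
    stream = io.BytesIO(data) if isinstance(data, (bytes, bytearray)) else data
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    while True:
        chunk = stream.read(CHUNK_SIZE)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: Dict[str, str], iocs: Dict[str, str]) -> Set[str]:
    """Algorithms whose computed digest equals the indicator (hex compared case-insensitively)."""
    return {
        name for name, expected in iocs.items()
        if digests.get(name, "").lower() == expected.lower()
    }


def verdict(hits: Set[str], iocs: Dict[str, str]) -> str:
    """'match' when every listed indicator agrees, 'clean' when none does.

    A partial agreement should never happen for a genuine copy of the sample:
    it points at a mistyped indicator or a colliding file, so it is surfaced
    separately instead of being treated as a match.
    """
    if not hits:
        return "clean"
    if hits == set(iocs):
        return "match"
    return "partial"


def check_file(path: str, iocs: Dict[str, str] = REPORT_IOCS) -> str:
    """Hash a file on disk and return its verdict against the indicator set."""
    with open(path, "rb") as f:
        return verdict(match_iocs(multi_hash(f), iocs), iocs)


if __name__ == "__main__":
    import sys
    for sample_path in sys.argv[1:]:  # e.g. python check_iocs.py suspect.exe
        print(f"{sample_path}: {check_file(sample_path)}")
```

Run it as `python check_iocs.py <file>`; only a verdict of `match` (all four digests agree) confirms the file is this sample.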

Malware Config

Targets

    • Target

      dhl_customers_form_pdf.exe

    • Size

      1006KB

    • MD5

      fd847645836a66a79e9158f45f863edd

    • SHA1

      d2ea031d7928e421d57925c0e4108051d7d1d652

    • SHA256

      862376a9e48e0c84820bfd7b013cb14f9e2a41151785f3558e7912e2e8041d39

    • SHA512

      7374d9351f5e3940dfa63b9019275359ccf52666f182072624adb1ae60302e22bae2c66dd63107128cc63229a83f62dfb1afc648918836a50f56fb5cc2589999

    Score
    8/10

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of local email clients

      Email clients store account and profile data on disk, and infostealers commonly target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Suspicious use of SetThreadContext
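The two signatures above about email-client and browser profile data fire when a process touches those applications' on-disk stores. As an added illustration (not the sandbox's own detection logic), the script below runs such a check over a handful of constructed file and registry access events: it matches each path against a list of well-known credential stores chosen by this example's author and, so that an application opening its own profile is not flagged, reports only accesses by a process that does not own the store. Process names, paths and the sample events are all constructed.

```python
"""Added example: flag processes that read browser or email-client credential stores.

The store locations and owner process names are this example's own list of
well-known defaults, not something the report enumerates. Events are constructed.
"""
import re
from typing import Dict, List, Optional

# (family, store label, processes expected to open it, path pattern)
CREDENTIAL_STORES = [
    ("browser", "Chromium saved logins", {"chrome.exe", "msedge.exe", "brave.exe"},
     re.compile(r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)"
                r"\\User Data\\[^\\]+\\Login Data$", re.I)),
    ("browser", "Chromium cookies", {"chrome.exe", "msedge.exe", "brave.exe"},
     re.compile(r"\\User Data\\[^\\]+\\(Network\\)?Cookies$", re.I)),
    ("browser", "Firefox saved logins", {"firefox.exe"},
     re.compile(r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$", re.I)),
    ("email", "Thunderbird saved logins", {"thunderbird.exe"},
     re.compile(r"\\Thunderbird\\Profiles\\[^\\]+\\(logins\.json|key4\.db)$", re.I)),
    ("email", "Outlook account profiles (registry)", {"outlook.exe"},
     re.compile(r"^HKCU\\Software\\Microsoft\\Office\\\d+\.\d+\\Outlook\\Profiles", re.I)),
]

# Constructed events in the shape a sandbox file/registry monitor might emit.
SAMPLE_EVENTS = [
    {"pid": 4412, "process": "dhl_customers_form_pdf.exe", "op": "read",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4412, "process": "dhl_customers_form_pdf.exe", "op": "read",
     "path": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\k3x1abc.default-release\logins.json"},
    {"pid": 4412, "process": "dhl_customers_form_pdf.exe", "op": "read",
     "path": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\9j2z.default\key4.db"},
    {"pid": 4412, "process": "dhl_customers_form_pdf.exe", "op": "query",
     "path": r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"},
    {"pid": 4412, "process": "dhl_customers_form_pdf.exe", "op": "write",
     "path": r"C:\Users\victim\AppData\Local\Temp\svchost32.exe"},
    # A browser reading its own store: expected, must not be flagged.
    {"pid": 900, "process": "chrome.exe", "op": "read",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
]


def classify(event: Dict) -> Optional[Dict]:
    """Return a hit when a non-owner process touches a known credential store."""
    for family, label, owners, pattern in CREDENTIAL_STORES:
        if pattern.search(event["path"]):
            if event["process"].lower() in owners:
                return None  # the application opening its own profile is normal
            return {"family": family, "store": label,
                    "process": event["process"], "pid": event["pid"], "path": event["path"]}
    return None


def triage(events: List[Dict]) -> Dict[str, List[Dict]]:
    """Group credential-store hits by family ('browser' / 'email')."""
    hits: Dict[str, List[Dict]] = {"browser": [], "email": []}
    for event in events:
        hit = classify(event)
        if hit:
            hits[hit["family"]].append(hit)
    return hits


def signatures(events: List[Dict]) -> List[str]:
    """Report-style signature names triggered by the events."""
    hits = triage(events)
    names = []
    if hits["email"]:
        names.append("Reads user/profile data of local email clients")
    if hits["browser"]:
        names.append("Reads user/profile data of web browsers")
    return names


if __name__ == "__main__":
    for family, found in triage(SAMPLE_EVENTS).items():
        for hit in found:
            print(f"[{family}] pid {hit['pid']} {hit['process']} -> {hit['store']}: {hit['path']}")
    print("signatures:", signatures(SAMPLE_EVENTS))
```

Feed it the file and registry accesses from a sandbox trace in the same dict shape; the owner allowlist is what keeps a browser opening its own Login Data from triggering the rule, while the dropped executable being written to Temp is deliberately outside this check's scope.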

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique               Hits  ID
  Credential Access  Credentials in Files    2     T1081
  Collection         Data from Local System  2     T1005

  Note: T1081 exists only in ATT&CK v6 and earlier; from v7 onward it is folded into T1552.001 (Unsecured Credentials: Credentials In Files).
