e41ee8ef8e196d80c1db94848c6dd31eb8737b6f77d7bf63537138e110f79120 | Triage

Submit
Reports

Overview

overview

7

Static

static

pagamento.pdf.exe

windows7_x64

7

pagamento.pdf.exe

windows10_x64

3

Sharing

General

Target

pagamento.pdf.exe
Size

645KB
Sample

200630-ekqdvxhlh2
MD5

2dc09d438a5d93330cdc95cbcc1f92df
SHA1

2b347c840695d84ee8eee712f30933089efb1da2
SHA256

e41ee8ef8e196d80c1db94848c6dd31eb8737b6f77d7bf63537138e110f79120
SHA512

e3c755b33e72e95c161a4e90ef5e8f7e2cbe06929564c0833f3245bda9778afb0d62f02c89b5320ff154118e9dffbc1277701465b31f3d7c5305c6514674c697

Score

7^/10

spyware

Static task

static1

Behavioral task

behavioral1

Sample

pagamento.pdf.exe

Resource

win7v200430

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

pagamento.pdf.exe

Resource

win10v200430

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  pagamento.pdf.exe
- Size
  
  645KB
- MD5
  
  2dc09d438a5d93330cdc95cbcc1f92df
- SHA1
  
  2b347c840695d84ee8eee712f30933089efb1da2
- SHA256
  
  e41ee8ef8e196d80c1db94848c6dd31eb8737b6f77d7bf63537138e110f79120
- SHA512
  
  e3c755b33e72e95c161a4e90ef5e8f7e2cbe06929564c0833f3245bda9778afb0d62f02c89b5320ff154118e9dffbc1277701465b31f3d7c5305c6514674c697
Score

7^/10

spyware
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy