General

  • Target

    Original Shipping Documents_pdf.exe

  • Size

    971KB

  • Sample

    200630-jxtal6z8ze

  • MD5

    454ff9cce1b7c0fcff62fac3934e388e

  • SHA1

    511d526ba09c230256eaef22cd41d567abcfad9c

  • SHA256

    faf99231509526fbdf016c32d79c52449bdb06710204d9b849a75dca13fe5157

  • SHA512

    2e47dccc4a0509ff06140a0fb0776e40e3ce617dac852958454c6720189b7063c3794c5654e56015950313f37872d5e817ed33d41d03bda951ae8f671b7f74b5

Score
8/10

Malware Config

Targets

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive material.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 2

  • Collection

    Data from Local System (T1005): 2
