Overview

overview

8

Static

static

Product Sp...0).exe

windows7_x64

8

Product Sp...0).exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Product Specification 58 (iv) Qty 45,000 KG (CuZn 30).exe

  • Size

    258KB

  • Sample

    200630-ndh5bwhppx

  • MD5

    05865820025c38359bb2f51c1e6a5ce6

  • SHA1

    4b8c9a275dcf3992839703a95d03e3acb75ac5a5

  • SHA256

    37d250d71a687db0e2c094fd5932bd32a6198a94b86553580d495cbb592d0f96

  • SHA512

    bbe6e903505611f8f769dc391485f6ed41df56ef5fde3f95eeb509b2427424f562d9bcb82fe1162a00f9762b9efa3120e431dfd655919288a3ccb4ae5deb620c

Score
8/10
persistencespyware

Malware Config

Targets

    • Target

      Product Specification 58 (iv) Qty 45,000 KG (CuZn 30).exe

    • Size

      258KB

    • MD5

      05865820025c38359bb2f51c1e6a5ce6

    • SHA1

      4b8c9a275dcf3992839703a95d03e3acb75ac5a5

    • SHA256

      37d250d71a687db0e2c094fd5932bd32a6198a94b86553580d495cbb592d0f96

    • SHA512

      bbe6e903505611f8f769dc391485f6ed41df56ef5fde3f95eeb509b2427424f562d9bcb82fe1162a00f9762b9efa3120e431dfd655919288a3ccb4ae5deb620c

    Score
    8/10
    persistencespyware

    • Sets DLL path for service in the registry

      persistence

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Modifies WinLogon

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Winlogon Helper DLL

1
T1004

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks