General

  • Target

    Purchase Order.exe

  • Size

    400KB

  • Sample

    200630-qxnvnltts2

  • MD5

    70a2de1c874b1061b6b819337db1d5f1

  • SHA1

    a4cdca63659ff9766caabf97d131154a3785484b

  • SHA256

    fb36e4d451d873356360a81436a985e64a97299bed171be05b7deec349ddd519

  • SHA512

    9ea8743988fca980dd337995c6d69f6a2e257af81268f6a67cbf6bcdd1d32c0b6104972f0a49fe978d244035e9029fc4cf29438ffe42ce42069896e440750443

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:
    smtp
  • Host:
    smtp.yandex.com
  • Port:
    587
  • Username:
    victormullerl@yandex.com
  • Password:
    HighKEY@#@@#

Targets

    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 3

  • Collection

    Data from Local System (T1005): 3