885c0db8dce61efe0b93c41f8eaf4e42f0180ba4b9045d8ca6978298d81bebec | Triage

Sharing

General

Target

GRP Production drawing Order confrimation 0022.exe
Size

258KB
Sample

200630-rfrvh5yaxs
MD5

ac9fa9d4866f1ac20a24463942ea7189
SHA1

292ac8c75a35f04e86b021e6ca3b284eb27fa870
SHA256

885c0db8dce61efe0b93c41f8eaf4e42f0180ba4b9045d8ca6978298d81bebec
SHA512

d6abd43e4b6ca2036701a19a202710798802eeeab07dc55b2ec6ff14e97a9dd355cf48e801c624e40fe5b503af4a1ce0872a6b565c5a77de3252ac8c57a09125

Score

7^/10

spyware

Malware Config

Targets

- Target
  
  GRP Production drawing Order confrimation 0022.exe
- Size
  
  258KB
- MD5
  
  ac9fa9d4866f1ac20a24463942ea7189
- SHA1
  
  292ac8c75a35f04e86b021e6ca3b284eb27fa870
- SHA256
  
  885c0db8dce61efe0b93c41f8eaf4e42f0180ba4b9045d8ca6978298d81bebec
- SHA512
  
  d6abd43e4b6ca2036701a19a202710798802eeeab07dc55b2ec6ff14e97a9dd355cf48e801c624e40fe5b503af4a1ce0872a6b565c5a77de3252ac8c57a09125
Score

7^/10

spyware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2