General

  • Target

    Purchase Order.exe

  • Size

    760KB

  • Sample

    200630-t33gt4x9qj

  • MD5

    8ca7a1b98393f52dba795ea2cf181eba

  • SHA1

    c59942cdcd9150efcd5de3bcd27ff3ebd797c34c

  • SHA256

    8e9a33af805c86b714ba2d64ca204f7318c849660e98add74e589318b2250f1c

  • SHA512

    df878660ee46d9600cc5a7b5cd8b220a4390c03456b7efe335d25075907260b8580e03f862fe8c84010f9c92d9aa1b7695e18a683d299ea4f94844278f7f1204

Score
7/10

Malware Config

Targets

    • Target

      Purchase Order.exe

    • Size

      760KB

    • MD5

      8ca7a1b98393f52dba795ea2cf181eba

    • SHA1

      c59942cdcd9150efcd5de3bcd27ff3ebd797c34c

    • SHA256

      8e9a33af805c86b714ba2d64ca204f7318c849660e98add74e589318b2250f1c

    • SHA512

      df878660ee46d9600cc5a7b5cd8b220a4390c03456b7efe335d25075907260b8580e03f862fe8c84010f9c92d9aa1b7695e18a683d299ea4f94844278f7f1204

    Score
    7/10
    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run entry to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

2
T1081

Collection

Data from Local System

2
T1005

Tasks