Overview

overview

7

Static

static

RFQ-proudct list.exe

windows7_x64

7

RFQ-proudct list.exe

windows10_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ-proudct list.exe

  • Size

    680KB

  • Sample

    200630-wx3ebl83xa

  • MD5

    47c4850ea77b7973791ca028a48b3eff

  • SHA1

    7db7d4d05164bed0ebf4ab53e6c17e5f81c72386

  • SHA256

    10d6e6ffa24a33da75382f2268d9450e64513b5265cb81b18190961a73d8f1ee

  • SHA512

    91f37972c44747d6e40f0b957252aa532436c74059d32dfd7616c2c51c7c598dc4a8d30e0360f94098b3117c60ad6f8816b5951f66a50c4218af8a17a63dda3e

Score
7/10
evasionpersistencespywaretrojan

Malware Config

Targets

    • Target

      RFQ-proudct list.exe

    • Size

      680KB

    • MD5

      47c4850ea77b7973791ca028a48b3eff

    • SHA1

      7db7d4d05164bed0ebf4ab53e6c17e5f81c72386

    • SHA256

      10d6e6ffa24a33da75382f2268d9450e64513b5265cb81b18190961a73d8f1ee

    • SHA512

      91f37972c44747d6e40f0b957252aa532436c74059d32dfd7616c2c51c7c598dc4a8d30e0360f94098b3117c60ad6f8816b5951f66a50c4218af8a17a63dda3e

    Score
    7/10
    persistencespywareevasiontrojan

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks