76f3a761f1f6078dac5957bbd5c005499f97b77756c793fcfc2ec3ec9c6fa9f3 | Triage

Sharing

General

Target

RFQ764907.exe
Size

5.0MB
Sample

200630-xjnjxxqcq2
MD5

02e5524c090c25a00c9329f2c5007dc9
SHA1

fc0f21666c483722bd8ae9d5fda716bbbcd32e1e
SHA256

76f3a761f1f6078dac5957bbd5c005499f97b77756c793fcfc2ec3ec9c6fa9f3
SHA512

9f6d96b648cc8dc3502e9fe640b2f4dd29a7ada1e9af898a438aa23aac47890a27e3aeeb5f3a78935bbe912f57924000df88e08bffd35c074655ccbd0eeeebff

Score

8^/10

persistence spyware

Malware Config

Targets

- Target
  
  RFQ764907.exe
- Size
  
  5.0MB
- MD5
  
  02e5524c090c25a00c9329f2c5007dc9
- SHA1
  
  fc0f21666c483722bd8ae9d5fda716bbbcd32e1e
- SHA256
  
  76f3a761f1f6078dac5957bbd5c005499f97b77756c793fcfc2ec3ec9c6fa9f3
- SHA512
  
  9f6d96b648cc8dc3502e9fe640b2f4dd29a7ada1e9af898a438aa23aac47890a27e3aeeb5f3a78935bbe912f57924000df88e08bffd35c074655ccbd0eeeebff
Score

8^/10

persistence spyware
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespyware

behavioral2