General

  • Target

    Chemicals Genaral presentation.exe

  • Size

    284KB

  • Sample

    200630-y3y9tpza3s

  • MD5

    9ef7a2253f269a14bf170f4a60a97538

  • SHA1

    3e92a77ad4e208a678d5f0ccdd5bba0a9c08ecbb

  • SHA256

    2b8072cf7b0c14a4f9c662d66cf5f6a64c7defb73fb6b0fcc9cd5d32ff004101

  • SHA512

    41d1c0ffc87401c59c072126dd47de7cd2839fbd032c1c37781edac2c67d6ef818f3a86d42418a72afa2f447127a64e9a093ca9d8052557225843ba223650fda

Malware Config

Targets

    • UAC bypass

    • Windows security bypass

    • Adds Run entry to policy start application

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run entry to start application

    • Checks whether UAC is enabled

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  Tactic                Technique                             ID     Count
  Persistence           Registry Run Keys / Startup Folder    T1060  2
  Privilege Escalation  Bypass User Account Control           T1088  1
  Defense Evasion       Bypass User Account Control           T1088  1
  Defense Evasion       Disabling Security Tools              T1089  2
  Defense Evasion       Modify Registry                       T1112  4
  Credential Access     Credentials in Files                  T1081  1
  Discovery             System Information Discovery          T1082  1
  Collection            Data from Local System                T1005  1

Tasks