General

  • Target

    NEW ORDER.PDF.exe

  • Size

    403KB

  • Sample

    200630-yhxtmthacj

  • MD5

    23df4ba5477379f16cc8ddaa6c6b2687

  • SHA1

    dd640ee2f95b52750aea77ad29b801c6fbf8b6f3

  • SHA256

    2645e6f05ce2c3ebfb5e928cfe3216d6da26dbe57c63113d70b8447b3fd21b5e

  • SHA512

    40f7fd072fb9dfd2f9872d0526b1280eb1b7cc57d9f2a7e7ceed7f534fcfe031f5e1eefbc405b90550c6779c47442d7e68f6c0850e3c9aaa247cb58f0c2e9dee

Score
7/10

Malware Config

Targets

    • Target

      NEW ORDER.PDF.exe

    • Size

      403KB

    • MD5

      23df4ba5477379f16cc8ddaa6c6b2687

    • SHA1

      dd640ee2f95b52750aea77ad29b801c6fbf8b6f3

    • SHA256

      2645e6f05ce2c3ebfb5e928cfe3216d6da26dbe57c63113d70b8447b3fd21b5e

    • SHA512

      40f7fd072fb9dfd2f9872d0526b1280eb1b7cc57d9f2a7e7ceed7f534fcfe031f5e1eefbc405b90550c6779c47442d7e68f6c0850e3c9aaa247cb58f0c2e9dee

    Score
    7/10
    • Reads data files stored by FTP clients

      Tries to access configuration files associated with programs like FileZilla.

    • Reads user/profile data of local email clients

      Email clients store some user data on disk where infostealers will often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Credential Access

Credentials in Files

3
T1081

Collection

Data from Local System

3
T1005

Tasks