General

  • Target

    TW200064 PO#13979 TW200301 TW200315 TW200170.exe

  • Size

    535KB

  • Sample

    200702-pjdq1cmjhe

  • MD5

    3c2858806e45c62ae13e74b264ad352a

  • SHA1

    2e226b15ba97c79bee76ecc1ee831a32be9d75c8

  • SHA256

    c6dc66a444215d6221e09e8fd68ae3a28eacf55f8de8462fb975c235304d7c4b

  • SHA512

    f6d7f32d622ace9bb243b1dec7b8fef6fa31a40e40d0f9b4c2271c0c02c2ab83d16bc69d0971e9937ed32667bfe0bb1981e3f0764102ca5361a4e879f9d04523

Score
7/10

Malware Config

Targets

    • Target

      TW200064 PO#13979 TW200301 TW200315 TW200170.exe

    • Reads user/profile data of local email clients

      Email clients store some user data on disk, where infostealers often target it.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (T1053), count 1

  • Persistence: Scheduled Task (T1053), count 1

  • Privilege Escalation: Scheduled Task (T1053), count 1

  • Credential Access: Credentials in Files (T1081), count 2

  • Collection: Data from Local System (T1005), count 2

Tasks