General

  • Target

    English_Court OrderCASE#036886890678.exe

  • Size

    422KB

  • Sample

    200712-6yfw4mt64s

  • MD5

    e9066a6c3f243cdb94085ef3ebb812ff

  • SHA1

    ae746dc34cb3de5bf506336d2cc229117b32c1ad

  • SHA256

    6824c4afb5e56e0c2b3e0b89a4acde70bcc2bd792334a6600225e623162ae621

  • SHA512

    6bf8a77dec0effc60170120e193a343338f5fe3dbde36289e02d295fc7360bea85c1f313f8b945dfcef7eb1d92f01fc5c95796778fd100ee3743b3242c8b7b31

Score
7/10

Targets

    • Target

      English_Court OrderCASE#036886890678.exe

    • Reads data files stored by FTP clients

      Tries to access configuration files of FTP clients such as FileZilla, whose saved-site files (sitemanager.xml, recentservers.xml) hold host names, usernames and passwords.

    • Reads user/profile data of local email clients

      Email clients keep profile data (account settings, stored credentials, message stores) on disk, where infostealers commonly harvest it.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data such as saved logins, cookies and autofill entries.

    • Suspicious use of SetThreadContext

      Setting another thread's context is a common step in process hollowing and other code injection, where a thread created suspended is redirected to injected code before it is resumed.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             Technique               ID      Matched signatures
  Credential Access  Credentials in Files    T1081   3
  Collection         Data from Local System  T1005   3
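The following is an added example written for this page (the editor's code, not Hatching Triage's sandbox logic or anything from the sample). It replays a constructed sandbox event trace through rules that mirror the four behavioural signatures listed above and rolls the hits up into the ATT&CK v6 matrix the report shows. The event dict layout, the rule patterns and the SAMPLE_EVENTS trace are assumptions chosen for illustration; the signature names and the technique mapping are taken from the report.

```python
"""Added example for this report page (editor's code, not Hatching Triage's
or the sample's): replay a constructed sandbox event trace through rules
that mirror the four behavioural signatures above and roll the hits up into
the report's ATT&CK v6 matrix. The event dict layout is an assumption."""
import re
from collections import Counter

# File-read rules, one per "Reads ..." signature. The patterns are the
# well-known on-disk credential/profile stores of the named programs and
# were chosen for this example; a real sandbox has many more per rule.
FILE_RULES = {
    "Reads data files stored by FTP clients": [
        r"\\FileZilla\\(sitemanager|recentservers)\.xml$",
    ],
    "Reads user/profile data of local email clients": [
        r"\\Thunderbird\\Profiles\\",
        r"\\Microsoft\\Outlook\\",
    ],
    "Reads user/profile data of web browsers": [
        r"\\Google\\Chrome\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$",
        r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$",
    ],
}
_FILE_RULES = {name: [re.compile(p, re.IGNORECASE) for p in pats]
               for name, pats in FILE_RULES.items()}

# API-call rules. The report flags SetThreadContext on its own; a stricter
# rule would also require a preceding CreateProcess with CREATE_SUSPENDED.
API_RULES = {
    "Suspicious use of SetThreadContext": {"SetThreadContext"},
}

# Tactic/technique cells as the report's matrix shows them: the three
# "Reads ..." signatures each count toward T1081 and T1005 (the "3" in each
# cell); the SetThreadContext signature is not mapped in the report.
ATTACK_V6 = {
    "Reads data files stored by FTP clients":
        [("Credential Access", "T1081"), ("Collection", "T1005")],
    "Reads user/profile data of local email clients":
        [("Credential Access", "T1081"), ("Collection", "T1005")],
    "Reads user/profile data of web browsers":
        [("Credential Access", "T1081"), ("Collection", "T1005")],
}


def match_signatures(events):
    """Return {signature name: [events that triggered it]}.

    Only *reads* count for the file rules: a process that merely writes next
    to a credential store, or opens unrelated files, is not reading it.
    """
    hits = {}
    for ev in events:
        if ev["kind"] == "file":
            if ev.get("op") != "read":
                continue
            for name, pats in _FILE_RULES.items():
                if any(p.search(ev["path"]) for p in pats):
                    hits.setdefault(name, []).append(ev)
        elif ev["kind"] == "api":
            for name, apis in API_RULES.items():
                if ev["name"] in apis:
                    hits.setdefault(name, []).append(ev)
    return hits


def attack_matrix(hits):
    """Roll fired signatures up to {(tactic, technique ID): signature count}."""
    counts = Counter()
    for name in hits:
        for cell in ATTACK_V6.get(name, []):
            counts[cell] += 1
    return dict(counts)


# Constructed trace (not real sandbox output) standing in for the file/API
# log a sandbox would record while running the sample.
SAMPLE_EVENTS = [
    {"kind": "file", "op": "read",
     "path": r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"},
    {"kind": "file", "op": "read",
     "path": r"C:\Users\victim\AppData\Roaming\FileZilla\recentservers.xml"},
    {"kind": "file", "op": "read",
     "path": r"C:\Users\victim\AppData\Roaming\Thunderbird\Profiles\abcd1234.default\logins.json"},
    {"kind": "file", "op": "read",
     "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"kind": "file", "op": "read",
     "path": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abcd1234.default\key4.db"},
    {"kind": "file", "op": "write",
     "path": r"C:\Users\victim\AppData\Local\Temp\stolen.tmp"},   # writes never fire
    {"kind": "file", "op": "read",
     "path": r"C:\Windows\System32\kernel32.dll"},               # benign read, no rule
    {"kind": "api", "name": "CreateProcessW", "args": {"flags": "CREATE_SUSPENDED"}},
    {"kind": "api", "name": "SetThreadContext", "args": {}},
]

if __name__ == "__main__":
    fired = match_signatures(SAMPLE_EVENTS)
    for name, evs in fired.items():
        print(f"{name}: {len(evs)} event(s)")
    for (tactic, tid), n in sorted(attack_matrix(fired).items()):
        print(f"{tactic:<18} {tid}  {n}")
```

Run against the constructed trace, all four signatures fire and the matrix comes out as two cells with a count of 3 each, which is what the report's table shows. The write to Temp and the kernel32.dll read are there to show that path-only matching without the read/write distinction would over-fire.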