5300a0a0ca9bc1ac90ad1543fe3a1687db23b8f05194f86263938c57e0503b84 | Triage

Sharing

General

Target

cS7il0zOGtdU05K.exe
Size

364KB
Sample

200712-ygf87577c2
MD5

b0cac1cdd3c9ab7d332811850ddd8ab9
SHA1

750deac873706d16c1180ac9c3eda6f435828c3e
SHA256

5300a0a0ca9bc1ac90ad1543fe3a1687db23b8f05194f86263938c57e0503b84
SHA512

ebf73440a56091edacee8f04eb61f7aba66f5ca024bb3a10937eb41462146ab48295a9419e0e44fc5c5ec47affa0baf212555411a5f3f09ca9a946e20c3372fc

Score

7^/10

evasion persistence spyware trojan

Malware Config

Targets

- Target
  
  cS7il0zOGtdU05K.exe
- Size
  
  364KB
- MD5
  
  b0cac1cdd3c9ab7d332811850ddd8ab9
- SHA1
  
  750deac873706d16c1180ac9c3eda6f435828c3e
- SHA256
  
  5300a0a0ca9bc1ac90ad1543fe3a1687db23b8f05194f86263938c57e0503b84
- SHA512
  
  ebf73440a56091edacee8f04eb61f7aba66f5ca024bb3a10937eb41462146ab48295a9419e0e44fc5c5ec47affa0baf212555411a5f3f09ca9a946e20c3372fc
Score

7^/10

evasion trojan spyware persistence
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Adds Run entry to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

spywarepersistence