General

  • Target: Shipping Doument.20200731.exe
  • Size: 354KB
  • Sample: 200731-31693lch8s
  • MD5: 0a8e1e15aae37ceba94dd78e4b722dce
  • SHA1: 848694417b664dc4773125b20d5bc08f977ed3a4
  • SHA256: 72329d4e81edcaa19778b8bf36f51e41f6ad5847d32f073b0d4959d9b1a9e458
  • SHA512: 0615745a810203c77087d20ba257534e4b6734f7c6e86d44f7c9d9b0286aa25f6f4ccec250b643319f07d8983281f88a48fdecb0f0730dddc378268a2f65fcb7

Score
7/10

Malware Config

Targets

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile contents.

    • JavaScript code in executable

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tactic                Technique               Count  ID
Execution             Scheduled Task          1      T1053
Persistence           Scheduled Task          1      T1053
Privilege Escalation  Scheduled Task          1      T1053
Credential Access     Credentials in Files    1      T1081
Collection            Data from Local System  1      T1005

Tasks