General

Target: TNT E-Invoice Consignment Delivey Notification_pdf.exe
Size: 401KB
Sample: 200731-t9l5tqyjq2
MD5: bbebe99bf36cb3dc4c3c37a9487468ac
SHA1: b3c4734cbc3846304647fbf6854f6cbb3c0ab635
SHA256: 4524f74c75340e0761a5e4e0f3c070fb96a364de054fead9c96c8ee8f4f81f0a
SHA512: 64dfec480badbb528b1cc43d90780b7a1600bdb768da047013d5db16ebdf49d003dbc01a43568104c5dba220f54ff95f7c12648ca4cbed8a2098c817e1cf2016
Tasks

Static task: static1
Behavioral task: behavioral1 (sample: TNT E-Invoice Consignment Delivey Notification_pdf.exe; resource: win7)
Behavioral task: behavioral2 (sample: TNT E-Invoice Consignment Delivey Notification_pdf.exe; resource: win10v200722)
Malware Config (extracted)

Protocol: smtp
Host: mail.minioninvest.com
Port: 587
Username: support@minioninvest.com
Password: uchegite08
Targets

Target: TNT E-Invoice Consignment Delivey Notification_pdf.exe
Size: 401KB
MD5: bbebe99bf36cb3dc4c3c37a9487468ac
SHA1: b3c4734cbc3846304647fbf6854f6cbb3c0ab635
SHA256: 4524f74c75340e0761a5e4e0f3c070fb96a364de054fead9c96c8ee8f4f81f0a
SHA512: 64dfec480badbb528b1cc43d90780b7a1600bdb768da047013d5db16ebdf49d003dbc01a43568104c5dba220f54ff95f7c12648ca4cbed8a2098c817e1cf2016
Score: 10/10

Signatures
- Modifies WinLogon for persistence
- Reads data files stored by FTP clients: tries to access configuration files associated with programs like FileZilla.
- Reads user/profile data of local email clients: email clients store some user data on disk, where infostealers often target it.
- Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials and similar secrets.
- Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
- Modifies service
- Suspicious use of SetThreadContext