General

  • Target

    nnneeeewww.exe

  • Size

    5.2MB

  • Sample

    210306-1xx5klyk9x

  • MD5

    360bb48ef6acca7233580b6cb8b6a3a9

  • SHA1

    baf21bee8e1ec86b4e0b99a19ff869d3be8de292

  • SHA256

    c68964901508a7967bb32907bab8e273717e01d0c3195318a0fb6b0032157632

  • SHA512

    0380b0d64c18c42123838bf40aa75c8145a9a7b44bb3578d5e8e86870fee8ff70da5f07edbd13ceb8060388b5d94a39cd12df927a138115e4c9cf2ea45da9d48

Score
8/10

Malware Config

Targets

    • Target

      nnneeeewww.exe

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                  Technique                       Count  ID
  Execution               Scheduled Task                  1      T1053
  Persistence             Scheduled Task                  1      T1053
  Privilege Escalation    Scheduled Task                  1      T1053
  Credential Access       Credentials in Files            1      T1081
  Discovery               System Information Discovery    1      T1082
  Collection              Data from Local System          1      T1005

Tasks