f8da48333c77feeb5fc217d503a3d9cc1f3decec6b5639d9152a9d832d2b51d1 | Triage

Sharing

General

Target

attachment.exe
Size

28KB
Sample

210721-2f1gvxxf5s
MD5

4dc31642ea0512a2a69ee759f481b24d
SHA1

4bbc75b6bc95bcb6d5a3f69667f922541d52ccbf
SHA256

f8da48333c77feeb5fc217d503a3d9cc1f3decec6b5639d9152a9d832d2b51d1
SHA512

1500a8cfe012536510817148237b25c759fd74f5ff654186e5d3b4be12e21618462cdf9926d83f0485c32c1640413b616ef2ff9f851653ce4e366be16119ea2b

Score

8^/10

persistence spyware stealer upx

Malware Config

Targets

- Target
  
  attachment.exe
- Size
  
  28KB
- MD5
  
  4dc31642ea0512a2a69ee759f481b24d
- SHA1
  
  4bbc75b6bc95bcb6d5a3f69667f922541d52ccbf
- SHA256
  
  f8da48333c77feeb5fc217d503a3d9cc1f3decec6b5639d9152a9d832d2b51d1
- SHA512
  
  1500a8cfe012536510817148237b25c759fd74f5ff654186e5d3b4be12e21618462cdf9926d83f0485c32c1640413b616ef2ff9f851653ce4e366be16119ea2b
Score

8^/10

persistence spyware stealer upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealerupx