392a3fa738bc94c489cffb1041f79efa329c591f5f51433df6a9655fe46b1120 | Triage

Submit
Reports

Overview

overview

9

Static

static

392a3fa738...20.exe

windows7_x64

9

392a3fa738...20.exe

windows10_x64

9

Sharing

General

Target

392a3fa738bc94c489cffb1041f79efa329c591f5f51433df6a9655fe46b1120
Size

1.7MB
Sample

211130-tmkrbsafc3
MD5

f5d6bea53461a316ec90a33da7e2ad50
SHA1

4a66c84431c6c77dae23e270b51e6fa2ce04734f
SHA256

392a3fa738bc94c489cffb1041f79efa329c591f5f51433df6a9655fe46b1120
SHA512

e66c867a4655fb9b1e3c936bcd5d5b5246c8049bd7c693b6a62b4f67c7cbfc56601c5f8d6c459838fd8979ffaf8e9caeae110d2e8f898ca4a5db1df4a90e850f

Score

9^/10

evasion spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

392a3fa738bc94c489cffb1041f79efa329c591f5f51433df6a9655fe46b1120.exe

Resource

win7-en-20211014

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

392a3fa738bc94c489cffb1041f79efa329c591f5f51433df6a9655fe46b1120.exe

Resource

win10-en-20211104

evasion spyware stealer upx

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  392a3fa738bc94c489cffb1041f79efa329c591f5f51433df6a9655fe46b1120
- Size
  
  1.7MB
- MD5
  
  f5d6bea53461a316ec90a33da7e2ad50
- SHA1
  
  4a66c84431c6c77dae23e270b51e6fa2ce04734f
- SHA256
  
  392a3fa738bc94c489cffb1041f79efa329c591f5f51433df6a9655fe46b1120
- SHA512
  
  e66c867a4655fb9b1e3c936bcd5d5b5246c8049bd7c693b6a62b4f67c7cbfc56601c5f8d6c459838fd8979ffaf8e9caeae110d2e8f898ca4a5db1df4a90e850f
Score

9^/10

evasion upx spyware stealer
- Looks for VirtualBox Guest Additions in registry
  evasion
- Executes dropped EXE
- Looks for VMWare Tools registry key
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

evasionspywarestealerupx

© 2018-2024

Terms | Privacy