46dda74095b229c3724b4ef7e5f4c05b0b0e15426ca76e9ac947475f21459d19 | Triage

Submit
Reports

Overview

overview

Static

static

SpyHunter-...er.exe

windows7_x64

SpyHunter-...er.exe

windows10-2004_x64

4

Sharing

General

Target

SpyHunter-5.11-5-26253-Installer.exe
Size

7.4MB
Sample

220114-thqrsahddr
MD5

911736872bcb9f85b9181c7d785ee032
SHA1

806691ea5f3cf3cd335b00e436c51c9cb85bc9a4
SHA256

46dda74095b229c3724b4ef7e5f4c05b0b0e15426ca76e9ac947475f21459d19
SHA512

016c73a7e8ecad84ba73e220a37869bdf8465411a2085133112ba1215b92553c3ff7194e425b94b13b43f0152a0c1194376c87c5ffbd2441df0f3236d2b8fda6

Score

10^/10

discovery evasion persistence spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

SpyHunter-5.11-5-26253-Installer.exe

Resource

win7-en-20211208

discovery evasion persistence spyware stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SpyHunter-5.11-5-26253-Installer.exe

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  SpyHunter-5.11-5-26253-Installer.exe
- Size
  
  7.4MB
- MD5
  
  911736872bcb9f85b9181c7d785ee032
- SHA1
  
  806691ea5f3cf3cd335b00e436c51c9cb85bc9a4
- SHA256
  
  46dda74095b229c3724b4ef7e5f4c05b0b0e15426ca76e9ac947475f21459d19
- SHA512
  
  016c73a7e8ecad84ba73e220a37869bdf8465411a2085133112ba1215b92553c3ff7194e425b94b13b43f0152a0c1194376c87c5ffbd2441df0f3236d2b8fda6
Score

10^/10

discovery evasion persistence spyware stealer trojan upx
- Registers COM server for autorun
  persistence
- Creates new service(s)
  persistence
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- Patched UPX-packed file
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

New Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojanupx

behavioral2

© 2018-2024

Terms | Privacy