Overview

overview

9

Static

static

0001c1409b...88.exe

windows7_x64

9

0001c1409b...88.exe

windows10-2004_x64

9

Resubmissions

04/10/2023, 21:26

231004-1akzwsfb7v 9

23/02/2022, 01:55

220223-cchqjshhem 9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0001c1409b360fc8e1b6933d20c7bfa42e1f5d7bc1593a5057a96930e0b53488

  • Size

    12.6MB

  • Sample

    220223-cchqjshhem

  • MD5

    e63dc29b24934b64f077291d2eba75f2

  • SHA1

    b1cdd6ccc14f5f65bef59975667d6306a1cd07b3

  • SHA256

    0001c1409b360fc8e1b6933d20c7bfa42e1f5d7bc1593a5057a96930e0b53488

  • SHA512

    b09df1937edc922a2d25bb3f60ac45f289db0a99fb0d0c581da10ff56237c3bd2012f02a28f1afae148dad2f744af86668b2a5e39f09aa286020d8c0221c9213

Score
9/10
persistencespywarestealerupx

Malware Config

Targets

    • Target

      0001c1409b360fc8e1b6933d20c7bfa42e1f5d7bc1593a5057a96930e0b53488

    • Size

      12.6MB

    • MD5

      e63dc29b24934b64f077291d2eba75f2

    • SHA1

      b1cdd6ccc14f5f65bef59975667d6306a1cd07b3

    • SHA256

      0001c1409b360fc8e1b6933d20c7bfa42e1f5d7bc1593a5057a96930e0b53488

    • SHA512

      b09df1937edc922a2d25bb3f60ac45f289db0a99fb0d0c581da10ff56237c3bd2012f02a28f1afae148dad2f744af86668b2a5e39f09aa286020d8c0221c9213

    Score
    9/10
    persistencespywarestealerupx

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks