6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f | Triage

Submit
Reports

Overview

overview

Static

static

6fd799e64e...8f.exe

windows7_x64

6fd799e64e...8f.exe

windows10-2004_x64

5

Sharing

General

Target

6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f
Size

1.0MB
Sample

220309-t8h5maaga5
MD5

5e8183e3395b2c6c6ac39d40d28f3f8a
SHA1

f51db7e5d9dd7de25ee9b094a25a2fa593e8040d
SHA256

6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f
SHA512

be4138a2672d98822ec75b6892cd84120b2aee166bd332d961db812e8acd0c60f53fb7626aa29192304fcf6d9c1de09197959cd477d95c34c7a761fe5142731a

Score

10^/10

collection discovery spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe

Resource

win7-20220223-en

collection discovery spyware stealer upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f.exe

Resource

win10v2004-en-20220113

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.mail.com
Port:
587
Username:
diplomat.thomasfletcher@post.com
Password:
Lordcardo31

Targets

- Target
  
  6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f
- Size
  
  1.0MB
- MD5
  
  5e8183e3395b2c6c6ac39d40d28f3f8a
- SHA1
  
  f51db7e5d9dd7de25ee9b094a25a2fa593e8040d
- SHA256
  
  6fd799e64e98e19e4fb4f82c62b673e389e7c4682368f7a3d88a723e241da68f
- SHA512
  
  be4138a2672d98822ec75b6892cd84120b2aee166bd332d961db812e8acd0c60f53fb7626aa29192304fcf6d9c1de09197959cd477d95c34c7a761fe5142731a
Score

10^/10

collection discovery spyware stealer upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

collectiondiscoveryspywarestealerupx

behavioral2

© 2018-2024

Terms | Privacy