Overview

overview

8

Static

static

0a90fcb89e...62.exe

windows7_x64

8

0a90fcb89e...62.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0a90fcb89e5c36783d14359dfd0d2462.exe

  • Size

    2.9MB

  • Sample

    220411-h3sw4aedg9

  • MD5

    0a90fcb89e5c36783d14359dfd0d2462

  • SHA1

    2ff0e1a4c591dfc6182c4f58209ae02210abff86

  • SHA256

    09bbc753aa0ac277e42418b81587e1362c5dea6798432b3f589f0dae187d7953

  • SHA512

    bf043ddd6c6c4ac363d4f62399be6eb396f6f8ece8310cd4164eaf7109a62c5e44b7f2a3e1eb75f47f8c11942dc7a47f25680f6ffd4314212f563dcea0f46b81

Score
8/10
evasionspywarestealertrojanupx

Malware Config

Targets

    • Target

      0a90fcb89e5c36783d14359dfd0d2462.exe

    • Size

      2.9MB

    • MD5

      0a90fcb89e5c36783d14359dfd0d2462

    • SHA1

      2ff0e1a4c591dfc6182c4f58209ae02210abff86

    • SHA256

      09bbc753aa0ac277e42418b81587e1362c5dea6798432b3f589f0dae187d7953

    • SHA512

      bf043ddd6c6c4ac363d4f62399be6eb396f6f8ece8310cd4164eaf7109a62c5e44b7f2a3e1eb75f47f8c11942dc7a47f25680f6ffd4314212f563dcea0f46b81

    Score
    8/10
    spywarestealerupxevasiontrojan

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks