db9e7cbd83ba39269ca1bdcd0950ff8d620511999d66d9ecea3c572d40aea506 | Triage

Submit
Reports

Overview

overview

8

Static

static

8

db9e7cbd83...06.exe

windows7_x64

8

db9e7cbd83...06.exe

windows10-2004_x64

8

Sharing

General

Target

db9e7cbd83ba39269ca1bdcd0950ff8d620511999d66d9ecea3c572d40aea506
Size

4.2MB
Sample

220521-m36keadaa7
MD5

37370eceaf48033001671cb3566e0927
SHA1

47941e3b617b2f5e59a3e313694f2c7422569698
SHA256

db9e7cbd83ba39269ca1bdcd0950ff8d620511999d66d9ecea3c572d40aea506
SHA512

9c574967b1e07f304730e87df8c99419ca3c94b20b5fad408a8ec9b0c89f39426cd02bc3b5b21bac49ca62a431eda16761e417ac75b1407d31c8a038b13a63d4

Score

8^/10

persistence spyware stealer upx vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

db9e7cbd83ba39269ca1bdcd0950ff8d620511999d66d9ecea3c572d40aea506.exe

Resource

win7-20220414-en

persistence spyware stealer upx vmprotect

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

db9e7cbd83ba39269ca1bdcd0950ff8d620511999d66d9ecea3c572d40aea506.exe

Resource

win10v2004-20220414-en

persistence spyware stealer upx vmprotect

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  db9e7cbd83ba39269ca1bdcd0950ff8d620511999d66d9ecea3c572d40aea506
- Size
  
  4.2MB
- MD5
  
  37370eceaf48033001671cb3566e0927
- SHA1
  
  47941e3b617b2f5e59a3e313694f2c7422569698
- SHA256
  
  db9e7cbd83ba39269ca1bdcd0950ff8d620511999d66d9ecea3c572d40aea506
- SHA512
  
  9c574967b1e07f304730e87df8c99419ca3c94b20b5fad408a8ec9b0c89f39426cd02bc3b5b21bac49ca62a431eda16761e417ac75b1407d31c8a038b13a63d4
Score

8^/10

persistence spyware stealer upx vmprotect
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

persistencespywarestealerupxvmprotect

behavioral2

persistencespywarestealerupxvmprotect

© 2018-2024

Terms | Privacy