Overview

overview

8

Static

static

3

a.exe

windows10_x64

8

a.exe

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a.exe

  • Size

    9.5MB

  • Sample

    220526-mt6ttaeehq

  • MD5

    72ef6b4d7385319582cfc1fbd2546934

  • SHA1

    c81fcddae8c8b21b29e0cd375e96e7b752321ec5

  • SHA256

    b39dacd5d2abd9964017ca3d4ee965c7337a7ecd1f99b729f0268d1b496c71bc

  • SHA512

    191b75a33ec50b5380feb440837be5630c0506f00f664c0b029f0c29edcbed9e4451ca7317509d67cfbec2fee6851803c585297a144ea71bd662944b40503d4f

Score
8/10
evasionpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      a.exe

    • Size

      9.5MB

    • MD5

      72ef6b4d7385319582cfc1fbd2546934

    • SHA1

      c81fcddae8c8b21b29e0cd375e96e7b752321ec5

    • SHA256

      b39dacd5d2abd9964017ca3d4ee965c7337a7ecd1f99b729f0268d1b496c71bc

    • SHA512

      191b75a33ec50b5380feb440837be5630c0506f00f664c0b029f0c29edcbed9e4451ca7317509d67cfbec2fee6851803c585297a144ea71bd662944b40503d4f

    Score
    8/10
    evasionspywarestealerupx

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

2
T1158

Privilege Escalation

Defense Evasion

Hidden Files and Directories

2
T1158

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks