5760543a875e41f72bec3e35aaeb3d9b9a2c142efb9b746c08645e17bca67c87 | Triage

Submit
Reports

Overview

overview

Static

static

8

5760543a87...87.exe

windows7-x64

5760543a87...87.exe

windows10-2004-x64

Sharing

General

Target

5760543a875e41f72bec3e35aaeb3d9b9a2c142efb9b746c08645e17bca67c87
Size

1021KB
Sample

220724-2z72dsccdr
MD5

460eb1c7fd90e39471fc03f1d2b94495
SHA1

9161acb114ef3072eb4642a3fb6130de246a4e82
SHA256

5760543a875e41f72bec3e35aaeb3d9b9a2c142efb9b746c08645e17bca67c87
SHA512

1741c53c77b186403b8a57b03622df71fecb9b085239293ca0ac109e3efe51d616f59e330b6ae2ec71b5b7b348cfb3eca5f97bd355fc5d97d797f01ac0b621f2

Score

10^/10

discovery persistence spyware stealer suricata upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5760543a875e41f72bec3e35aaeb3d9b9a2c142efb9b746c08645e17bca67c87.exe

Resource

win7-20220718-en

discovery persistence spyware stealer suricata upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

5760543a875e41f72bec3e35aaeb3d9b9a2c142efb9b746c08645e17bca67c87.exe

Resource

win10v2004-20220721-en

discovery persistence spyware stealer suricata upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  5760543a875e41f72bec3e35aaeb3d9b9a2c142efb9b746c08645e17bca67c87
- Size
  
  1021KB
- MD5
  
  460eb1c7fd90e39471fc03f1d2b94495
- SHA1
  
  9161acb114ef3072eb4642a3fb6130de246a4e82
- SHA256
  
  5760543a875e41f72bec3e35aaeb3d9b9a2c142efb9b746c08645e17bca67c87
- SHA512
  
  1741c53c77b186403b8a57b03622df71fecb9b085239293ca0ac109e3efe51d616f59e330b6ae2ec71b5b7b348cfb3eca5f97bd355fc5d97d797f01ac0b621f2
Score

10^/10

discovery persistence spyware stealer suricata upx
- suricata: ET MALWARE Win32/Kelihos.F Checkin
  suricata: ET MALWARE Win32/Kelihos.F Checkin
  suricata
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealersuricataupx

behavioral2

discoverypersistencespywarestealersuricataupx

© 2018-2024

Terms | Privacy