570c24e1feb5f33e1863da0372ac0a64bd83b52163364c7b8901b9451312eff4 | Triage

Submit
Reports

Overview

overview

Static

static

570c24e1fe...f4.exe

windows7-x64

570c24e1fe...f4.exe

windows10-2004-x64

3

Sharing

General

Target

570c24e1feb5f33e1863da0372ac0a64bd83b52163364c7b8901b9451312eff4
Size

1.1MB
Sample

220725-a83z9agbgr
MD5

8be9af1257fc0d320169ad34a3bb32f3
SHA1

350d0e9d177fde3760eb5cf3c01a96026137b03a
SHA256

570c24e1feb5f33e1863da0372ac0a64bd83b52163364c7b8901b9451312eff4
SHA512

009eb763aaaeaa559e04fc32e96e0ef94b8c832294f304f5606653809381128262ff0d744a53565b4144ff348e2cf112b74a157e7380d83165b89b0c07e48617

Score

10^/10

discovery persistence spyware stealer suricata upx

Static task

static1

Behavioral task

behavioral1

Sample

570c24e1feb5f33e1863da0372ac0a64bd83b52163364c7b8901b9451312eff4.exe

Resource

win7-20220718-en

discovery persistence spyware stealer suricata upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

570c24e1feb5f33e1863da0372ac0a64bd83b52163364c7b8901b9451312eff4.exe

Resource

win10v2004-20220722-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  570c24e1feb5f33e1863da0372ac0a64bd83b52163364c7b8901b9451312eff4
- Size
  
  1.1MB
- MD5
  
  8be9af1257fc0d320169ad34a3bb32f3
- SHA1
  
  350d0e9d177fde3760eb5cf3c01a96026137b03a
- SHA256
  
  570c24e1feb5f33e1863da0372ac0a64bd83b52163364c7b8901b9451312eff4
- SHA512
  
  009eb763aaaeaa559e04fc32e96e0ef94b8c832294f304f5606653809381128262ff0d744a53565b4144ff348e2cf112b74a157e7380d83165b89b0c07e48617
Score

10^/10

discovery persistence spyware stealer suricata upx
- suricata: ET MALWARE Win32/Kelihos.F Checkin
  suricata: ET MALWARE Win32/Kelihos.F Checkin
  suricata
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealersuricataupx

behavioral2

© 2018-2024

Terms | Privacy