Overview

overview

7

Static

static

3

suk.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    suk.exe

  • Size

    15.1MB

  • Sample

    220930-k1hdpaeaam

  • MD5

    29c5707b4f3626606777fb4d66f55fb0

  • SHA1

    1b5b269dd23a72c5cb6ec6f80b0d6210f552d87b

  • SHA256

    983822688d74ef6341f33a8a6b7ff476094678e373e9934d8b749ed3ed61bfbc

  • SHA512

    cd3da244f336e30b609683ffef3ce14312c420ae5e32d27a3c3e7347cafff55cacdaf5b0ad484b717a55ec2e32609da3785873cec14c87e98728ebb0a37727a2

  • SSDEEP

    393216:NbtwR5J3e3/TehYYfkP1UricCyCdN7mUh/CiIi02czJo:r0TeLyYYfE1UricCyCdN7mECiz02Y

Score
7/10
pyinstallerspywarestealer

Malware Config

Targets

    • Target

      suk.exe

    • Size

      15.1MB

    • MD5

      29c5707b4f3626606777fb4d66f55fb0

    • SHA1

      1b5b269dd23a72c5cb6ec6f80b0d6210f552d87b

    • SHA256

      983822688d74ef6341f33a8a6b7ff476094678e373e9934d8b749ed3ed61bfbc

    • SHA512

      cd3da244f336e30b609683ffef3ce14312c420ae5e32d27a3c3e7347cafff55cacdaf5b0ad484b717a55ec2e32609da3785873cec14c87e98728ebb0a37727a2

    • SSDEEP

      393216:NbtwR5J3e3/TehYYfkP1UricCyCdN7mUh/CiIi02czJo:r0TeLyYYfE1UricCyCdN7mECiz02Y

    Score
    7/10
    spywarestealer

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Tasks