Overview

overview

8

Static

static

8

7a9984103f...53.exe

windows7-x64

8

7a9984103f...53.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7a9984103f05860024d5c9f523f3e34e6adb5ac8faea26d95526498292083853

  • Size

    479KB

  • Sample

    221002-2e37psddf4

  • MD5

    71dd70fe90c32e5c4dcee4dee9502e61

  • SHA1

    461d2c852bb69220a5979ecad299d45c261336c8

  • SHA256

    7a9984103f05860024d5c9f523f3e34e6adb5ac8faea26d95526498292083853

  • SHA512

    42b207466ef9f775d85b816a606e91ef4e2145e37672fae8e876ff7a89f8d4e9333e7ed3412e28df8431bd1d02bb337066964835541100a65b2176ef21326baa

  • SSDEEP

    12288:Q6Wq4aaE6KwyF5L0Y2D1PqL2Ed/dd3g+jMK:mthEVaPqL2Ed/ddBgK

Score
8/10
evasionpersistencespywarestealerupx

Malware Config

Targets

    • Target

      7a9984103f05860024d5c9f523f3e34e6adb5ac8faea26d95526498292083853

    • Size

      479KB

    • MD5

      71dd70fe90c32e5c4dcee4dee9502e61

    • SHA1

      461d2c852bb69220a5979ecad299d45c261336c8

    • SHA256

      7a9984103f05860024d5c9f523f3e34e6adb5ac8faea26d95526498292083853

    • SHA512

      42b207466ef9f775d85b816a606e91ef4e2145e37672fae8e876ff7a89f8d4e9333e7ed3412e28df8431bd1d02bb337066964835541100a65b2176ef21326baa

    • SSDEEP

      12288:Q6Wq4aaE6KwyF5L0Y2D1PqL2Ed/dd3g+jMK:mthEVaPqL2Ed/ddBgK

    Score
    8/10
    evasionpersistencespywarestealerupx

    • Drops file in Drivers directory

    • Stops running service(s)

      evasion

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Impair Defenses

1
T1562

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Service Stop

1
T1489

Tasks