d6a3210ed9467df51604c34ee3f4f453e491f3421ecc1bd01ed8f86789e93d61 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d6a3210ed9467df51604c34ee3f4f453e491f3421ecc1bd01ed8f86789e93d61
Size

845KB
Sample

221002-pbecysfger
MD5

6abc3c32fda2b2c3f29e9f3eedcae31f
SHA1

d4b9aca393f3e52fe71a0375382295cce1aea8f8
SHA256

d6a3210ed9467df51604c34ee3f4f453e491f3421ecc1bd01ed8f86789e93d61
SHA512

7a03b61dfb731a9b04790d17cbea9a978aea3c4510805d9c3aed03676f5acb39c8028e2d1c2b3b62a5cb966a6d331dcbae50be481c57e3655190425d838093b5
SSDEEP

12288:YpZ7On7Rmb74lKtNd5+8A96DoVs6mx5g6ZXmFMzCmzJo4Zkb77zK0VfmMVY0VgT6:y7On+1BA96DwaPZWFMzCGogkXhEN0Sm

Score

8^/10

discovery persistence spyware stealer upx

Malware Config

Targets

- Target
  
  d6a3210ed9467df51604c34ee3f4f453e491f3421ecc1bd01ed8f86789e93d61
- Size
  
  845KB
- MD5
  
  6abc3c32fda2b2c3f29e9f3eedcae31f
- SHA1
  
  d4b9aca393f3e52fe71a0375382295cce1aea8f8
- SHA256
  
  d6a3210ed9467df51604c34ee3f4f453e491f3421ecc1bd01ed8f86789e93d61
- SHA512
  
  7a03b61dfb731a9b04790d17cbea9a978aea3c4510805d9c3aed03676f5acb39c8028e2d1c2b3b62a5cb966a6d331dcbae50be481c57e3655190425d838093b5
- SSDEEP
  
  12288:YpZ7On7Rmb74lKtNd5+8A96DoVs6mx5g6ZXmFMzCmzJo4Zkb77zK0VfmMVY0VgT6:y7On+1BA96DwaPZWFMzCGogkXhEN0Sm
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2