c8e4d34a4397fecd61c4949471b9b3dd67fa75d89c2815862d358c01a2cf3386 | Triage

Submit
Reports

Overview

overview

Static

static

c8e4d34a43...86.exe

windows7-x64

c8e4d34a43...86.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

c8e4d34a4397fecd61c4949471b9b3dd67fa75d89c2815862d358c01a2cf3386
Size

840KB
Sample

221003-c6vbfaecaq
MD5

5dc112da48067b70f0cb192286354714
SHA1

a298d7945554083de7c29145922f30e15d18ab7f
SHA256

c8e4d34a4397fecd61c4949471b9b3dd67fa75d89c2815862d358c01a2cf3386
SHA512

6d1db288699f91f0d63cc61ac1230c357711b91a1d42db72e745bde40a1f0cff7879446b76fa3bf841d0aa2ab18638f078e73af98b597c5613d4365f1eb40629
SSDEEP

12288:cCpyvXFPTfnCvX66h/NYJ9nDW6FApNg3gZqdDUtOuBiMc/j6KRVrxn7Nl4+GtlrL:Bk9P7nCvX6MNYLIbgYJ3chra+GbrL

Score

10^/10

evasion persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

c8e4d34a4397fecd61c4949471b9b3dd67fa75d89c2815862d358c01a2cf3386.exe

Resource

win7-20220812-en

evasion persistence spyware stealer upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

c8e4d34a4397fecd61c4949471b9b3dd67fa75d89c2815862d358c01a2cf3386.exe

Resource

win10v2004-20220901-en

evasion persistence spyware stealer upx

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  c8e4d34a4397fecd61c4949471b9b3dd67fa75d89c2815862d358c01a2cf3386
- Size
  
  840KB
- MD5
  
  5dc112da48067b70f0cb192286354714
- SHA1
  
  a298d7945554083de7c29145922f30e15d18ab7f
- SHA256
  
  c8e4d34a4397fecd61c4949471b9b3dd67fa75d89c2815862d358c01a2cf3386
- SHA512
  
  6d1db288699f91f0d63cc61ac1230c357711b91a1d42db72e745bde40a1f0cff7879446b76fa3bf841d0aa2ab18638f078e73af98b597c5613d4365f1eb40629
- SSDEEP
  
  12288:cCpyvXFPTfnCvX66h/NYJ9nDW6FApNg3gZqdDUtOuBiMc/j6KRVrxn7Nl4+GtlrL:Bk9P7nCvX6MNYLIbgYJ3chra+GbrL
Score

10^/10

evasion persistence spyware stealer upx
- Modifies visiblity of hidden/system files in Explorer
  evasion
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Credentials in Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealerupx

behavioral2

evasionpersistencespywarestealerupx

© 2018-2025

Terms | Privacy