a3358444336894be9d0440fac1abad6dc3f29dab72a38d300ed09802ef58101f | Triage

Submit
Reports

Overview

overview

Static

static

malware/valoesp.exe

windows10-2004-x64

9

Sharing

General

Target

malware.rar
Size

3.8MB
Sample

221009-c3k9csgbd7
MD5

e447a3cafdc3beae2994a4931b226bad
SHA1

04c71b6146b18878093f47054bc84e1bb3bd8b75
SHA256

a3358444336894be9d0440fac1abad6dc3f29dab72a38d300ed09802ef58101f
SHA512

b36556f5f852d673251480f65d1f0960543cb533c8c6243e37669e66acac75d80b5791a9dad0b0a778e24d19ccd5a6395b9396a327b0febd0649651f7070ac18
SSDEEP

98304:3jIqd1WSL0pn7bBO5tVXk5Znz3SdqtE3RcjucTQHxJbTQSKpq:3d1WSwpXMXkbzCylbTgJHQSoq

Score

10^/10

spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

malware/valoesp.exe

Resource

win10v2004-20220812-en

spyware stealer upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  malware/valoesp.exe
- Size
  
  4.5MB
- MD5
  
  ff97ee84fe6d7149b02a1191a6e22bd7
- SHA1
  
  e4c6c2922c7186bb29ced67c94abf60dddfc3d01
- SHA256
  
  483e772e0e80db0ca04539ea3ffdbb9713b5bec4a76dba6a83e8afc151027cd6
- SHA512
  
  5ffc16978cbe3f6848557c15a4747f1e7df6a12b180950a6efb5522e2f80bbacc629c3e2a5a6cedc9bf3ec1bbc2213a2193a786a1b364641705313160b0afdea
- SSDEEP
  
  98304:nQf3s64R9ybzUcwti78OqJ7TPBF3ZlHHgkWJ0P39qXSaDv:mzUcwti7TQlF3ZxxWJSUnDv
Score

9^/10

spyware stealer upx
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

spywarestealerupx

© 2018-2025

Terms | Privacy