12b5ff6aeacfb3a674b23d5bb981c945ff6ce64228541b4f5a10576985e93c3b | Triage

Sharing

General

Target

12b5ff6aeacfb3a674b23d5bb981c945ff6ce64228541b4f5a10576985e93c3b
Size

878KB
Sample

221011-k7qcwaffc4
MD5

66a4985c03e1bcca6c261272e1b7ead1
SHA1

f0222eabdff4c38baf4773adba20ab24dc784039
SHA256

12b5ff6aeacfb3a674b23d5bb981c945ff6ce64228541b4f5a10576985e93c3b
SHA512

4c11dc37cd1f9ff160ab9a46b3830ff1851e4b8aeff19f480b08746ac8ed68bc7fb07d707b2eaa67a8b33963f8e1dacb027dd527fe6c4a3600ea51f0afe8f362
SSDEEP

24576:k6964ifHNEnqXjV9lOy+nPWHAvIbKRQl:kSeHunqJey+nugv9RQ

Score

8^/10

discovery persistence spyware stealer upx

Malware Config

Targets

- Target
  
  12b5ff6aeacfb3a674b23d5bb981c945ff6ce64228541b4f5a10576985e93c3b
- Size
  
  878KB
- MD5
  
  66a4985c03e1bcca6c261272e1b7ead1
- SHA1
  
  f0222eabdff4c38baf4773adba20ab24dc784039
- SHA256
  
  12b5ff6aeacfb3a674b23d5bb981c945ff6ce64228541b4f5a10576985e93c3b
- SHA512
  
  4c11dc37cd1f9ff160ab9a46b3830ff1851e4b8aeff19f480b08746ac8ed68bc7fb07d707b2eaa67a8b33963f8e1dacb027dd527fe6c4a3600ea51f0afe8f362
- SSDEEP
  
  24576:k6964ifHNEnqXjV9lOy+nPWHAvIbKRQl:kSeHunqJey+nugv9RQ
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2