4ea4e0b456342ed3bc482162639f428480777e1709b48589d1dc1e8829ce9068 | Triage

Submit
Reports

Overview

overview

8

Static

static

4ea4e0b456...68.exe

windows7-x64

8

4ea4e0b456...68.exe

windows10-2004-x64

8

Sharing

General

Target

4ea4e0b456342ed3bc482162639f428480777e1709b48589d1dc1e8829ce9068
Size

1.0MB
Sample

221020-tg4bgscfg7
MD5

801216770ba4d6978966c9bd4ec2475b
SHA1

6c92b2484fa34de132349925c8ff75dfa864879c
SHA256

4ea4e0b456342ed3bc482162639f428480777e1709b48589d1dc1e8829ce9068
SHA512

e6933ab468f384b354a4dffdc53ba1569f78f2974eb17a6135ebe237bdb90ef176aecd9e2ebb334b2746802a64890134b490e0d4252082f5cb9d7f671502a8e7
SSDEEP

24576:zf57or/VzrGElBhS4n9lIg+aQUaCbRazegt7DmVU4dss:ZoLVGq24nnIgdaCbRiezrss

Score

8^/10

discovery persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

4ea4e0b456342ed3bc482162639f428480777e1709b48589d1dc1e8829ce9068.exe

Resource

win7-20220901-en

discovery persistence spyware stealer upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

4ea4e0b456342ed3bc482162639f428480777e1709b48589d1dc1e8829ce9068.exe

Resource

win10v2004-20220901-en

discovery persistence spyware stealer upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  4ea4e0b456342ed3bc482162639f428480777e1709b48589d1dc1e8829ce9068
- Size
  
  1.0MB
- MD5
  
  801216770ba4d6978966c9bd4ec2475b
- SHA1
  
  6c92b2484fa34de132349925c8ff75dfa864879c
- SHA256
  
  4ea4e0b456342ed3bc482162639f428480777e1709b48589d1dc1e8829ce9068
- SHA512
  
  e6933ab468f384b354a4dffdc53ba1569f78f2974eb17a6135ebe237bdb90ef176aecd9e2ebb334b2746802a64890134b490e0d4252082f5cb9d7f671502a8e7
- SSDEEP
  
  24576:zf57or/VzrGElBhS4n9lIg+aQUaCbRazegt7DmVU4dss:ZoLVGq24nnIgdaCbRiezrss
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

discoverypersistencespywarestealerupx

© 2018-2025

Terms | Privacy