c3fe9448f239bc46450d0795628b353b22f5aaf0eb1f1f7bc32c4239fea65f2b | Triage

Sharing

General

Target

c3fe9448f239bc46450d0795628b353b22f5aaf0eb1f1f7bc32c4239fea65f2b
Size

813KB
Sample

221123-lqwn1aca56
MD5

afe0fe0f2d0e312da50059166aa5c2ed
SHA1

126d425ff7ed3d4613ac57c02c5427d614d03d60
SHA256

c3fe9448f239bc46450d0795628b353b22f5aaf0eb1f1f7bc32c4239fea65f2b
SHA512

a1d6699bdb7909b7e9ee9825ce526bddca8cbb42ed115bb1f84112ee22261b715c34b15de2984dc9406645f848b05bafa4fca22d3d7acf0e48491957f8cfb019
SSDEEP

12288:mR0sANvwtAsWMY/N1U2kn6bAV6eJTHWYBGaqLjyQVlvuRCKx3Ae:m+MWDUzn6Je5EaqL+QVBKN

Score

8^/10

discovery persistence spyware stealer upx

Malware Config

Targets

- Target
  
  c3fe9448f239bc46450d0795628b353b22f5aaf0eb1f1f7bc32c4239fea65f2b
- Size
  
  813KB
- MD5
  
  afe0fe0f2d0e312da50059166aa5c2ed
- SHA1
  
  126d425ff7ed3d4613ac57c02c5427d614d03d60
- SHA256
  
  c3fe9448f239bc46450d0795628b353b22f5aaf0eb1f1f7bc32c4239fea65f2b
- SHA512
  
  a1d6699bdb7909b7e9ee9825ce526bddca8cbb42ed115bb1f84112ee22261b715c34b15de2984dc9406645f848b05bafa4fca22d3d7acf0e48491957f8cfb019
- SSDEEP
  
  12288:mR0sANvwtAsWMY/N1U2kn6bAV6eJTHWYBGaqLjyQVlvuRCKx3Ae:m+MWDUzn6Je5EaqL+QVBKN
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2