9f6ddd9a9470423d79508371ea22ef9a1d3ec9418fe25876a7a575321a1ab541 | Triage

Submit
Reports

Overview

overview

9

Static

static

8

9f6ddd9a94...41.exe

windows7-x64

9

9f6ddd9a94...41.exe

windows10-2004-x64

9

Sharing

General

Target

9f6ddd9a9470423d79508371ea22ef9a1d3ec9418fe25876a7a575321a1ab541
Size

363KB
Sample

221123-qstdwahg5x
MD5

e3fe512949c2e2c093f7bc639ca1dcb9
SHA1

d4dfa1f30c9b861f7dc07e63cf6a946fe6856747
SHA256

9f6ddd9a9470423d79508371ea22ef9a1d3ec9418fe25876a7a575321a1ab541
SHA512

447b4fe2c72787b43a7a34bc2d6bb6eb9a0cc2b088f2267f362aca5aff358c0a9178973531caaa25474445293b4b8d1ad1e44ca3acd83248f6f6e7959988315a
SSDEEP

6144:ky0penB8FiBA7Nlx/2QdYmNt0oaKEdrp0dmrD8ryHPPhUe7+Bj5FvwFU:TB8F2AfUQafYEpp0ArD8mHPWe7+BgFU

Score

9^/10

collection discovery persistence spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9f6ddd9a9470423d79508371ea22ef9a1d3ec9418fe25876a7a575321a1ab541.exe

Resource

win7-20220812-en

collection discovery persistence spyware stealer upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

9f6ddd9a9470423d79508371ea22ef9a1d3ec9418fe25876a7a575321a1ab541.exe

Resource

win10v2004-20220812-en

discovery persistence spyware stealer upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  9f6ddd9a9470423d79508371ea22ef9a1d3ec9418fe25876a7a575321a1ab541
- Size
  
  363KB
- MD5
  
  e3fe512949c2e2c093f7bc639ca1dcb9
- SHA1
  
  d4dfa1f30c9b861f7dc07e63cf6a946fe6856747
- SHA256
  
  9f6ddd9a9470423d79508371ea22ef9a1d3ec9418fe25876a7a575321a1ab541
- SHA512
  
  447b4fe2c72787b43a7a34bc2d6bb6eb9a0cc2b088f2267f362aca5aff358c0a9178973531caaa25474445293b4b8d1ad1e44ca3acd83248f6f6e7959988315a
- SSDEEP
  
  6144:ky0penB8FiBA7Nlx/2QdYmNt0oaKEdrp0dmrD8ryHPPhUe7+Bj5FvwFU:TB8F2AfUQafYEpp0ArD8mHPWe7+BgFU
Score

9^/10

collection discovery persistence spyware stealer upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

collectiondiscoverypersistencespywarestealerupx

behavioral2

discoverypersistencespywarestealerupx

© 2018-2024

Terms | Privacy