ac17ffe15b627c07a9503711b4f8bfcf4c4e44ac80757719567f59d7ea6b5825 | Triage

Submit
Reports

Overview

overview

8

Static

static

ac17ffe15b...25.exe

windows7-x64

8

ac17ffe15b...25.exe

windows10-2004-x64

8

Sharing

General

Target

ac17ffe15b627c07a9503711b4f8bfcf4c4e44ac80757719567f59d7ea6b5825
Size

1.0MB
Sample

221124-cqh88sed3x
MD5

6012f0f829cb791d080f4cf17647a6d4
SHA1

eacdf7be444b4bae4b91324b330116de74710b9d
SHA256

ac17ffe15b627c07a9503711b4f8bfcf4c4e44ac80757719567f59d7ea6b5825
SHA512

f3e3d346f0b1248b07e45a6290433b5ec45ea13dfe5dca7e50d414e114717b98cd19c2a4d36b4511c823afe255fb0804a86ac97287a54eb860b878cbc04ed8b9
SSDEEP

24576:odwCBYv2WgiWyxnySbPXe9IbOORuiPNHfterQ6byKZxSrm:YwIYv2WJLxpbG9IbFfVH0/ZUm

Score

8^/10

discovery persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

ac17ffe15b627c07a9503711b4f8bfcf4c4e44ac80757719567f59d7ea6b5825.exe

Resource

win7-20221111-en

discovery persistence spyware stealer upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

ac17ffe15b627c07a9503711b4f8bfcf4c4e44ac80757719567f59d7ea6b5825.exe

Resource

win10v2004-20221111-en

discovery persistence spyware stealer upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  ac17ffe15b627c07a9503711b4f8bfcf4c4e44ac80757719567f59d7ea6b5825
- Size
  
  1.0MB
- MD5
  
  6012f0f829cb791d080f4cf17647a6d4
- SHA1
  
  eacdf7be444b4bae4b91324b330116de74710b9d
- SHA256
  
  ac17ffe15b627c07a9503711b4f8bfcf4c4e44ac80757719567f59d7ea6b5825
- SHA512
  
  f3e3d346f0b1248b07e45a6290433b5ec45ea13dfe5dca7e50d414e114717b98cd19c2a4d36b4511c823afe255fb0804a86ac97287a54eb860b878cbc04ed8b9
- SSDEEP
  
  24576:odwCBYv2WgiWyxnySbPXe9IbOORuiPNHfterQ6byKZxSrm:YwIYv2WJLxpbG9IbFfVH0/ZUm
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

discoverypersistencespywarestealerupx

© 2018-2024

Terms | Privacy