9016e3c9d78a57f171f7bc9e90cd334bde5361f1e5b3aefc423a882ffd2f94d4 | Triage

Submit
Reports

Overview

overview

9

Static

static

9016e3c9d7...d4.exe

windows7-x64

9

9016e3c9d7...d4.exe

windows10-2004-x64

9

Sharing

General

Target

9016e3c9d78a57f171f7bc9e90cd334bde5361f1e5b3aefc423a882ffd2f94d4
Size

2.2MB
Sample

221125-1p98bscc9s
MD5

5ed33d0581eb5573f314944d600cdc24
SHA1

c1f605daf9a9028df5613f6dbd1f7514667e19f3
SHA256

9016e3c9d78a57f171f7bc9e90cd334bde5361f1e5b3aefc423a882ffd2f94d4
SHA512

264b84eaa6f52f043ff443182157776ece7095c826f4821ee10094a479b85035159eb9194a6c6c826e4d4f9ed0530eae0fc382eccfed8a72906a67b0c57b919b
SSDEEP

49152:8lHNiTu2rgJ28h1XyAZvz2zX1BqEKuDmvyG7:86Tfu2OzcFBqxEmqq

Score

9^/10

evasion persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

9016e3c9d78a57f171f7bc9e90cd334bde5361f1e5b3aefc423a882ffd2f94d4.exe

Resource

win7-20220812-en

evasion persistence spyware stealer upx

windows7-x64

22 signatures

150 seconds

Behavioral task

behavioral2

Sample

9016e3c9d78a57f171f7bc9e90cd334bde5361f1e5b3aefc423a882ffd2f94d4.exe

Resource

win10v2004-20220901-en

evasion persistence spyware stealer upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  9016e3c9d78a57f171f7bc9e90cd334bde5361f1e5b3aefc423a882ffd2f94d4
- Size
  
  2.2MB
- MD5
  
  5ed33d0581eb5573f314944d600cdc24
- SHA1
  
  c1f605daf9a9028df5613f6dbd1f7514667e19f3
- SHA256
  
  9016e3c9d78a57f171f7bc9e90cd334bde5361f1e5b3aefc423a882ffd2f94d4
- SHA512
  
  264b84eaa6f52f043ff443182157776ece7095c826f4821ee10094a479b85035159eb9194a6c6c826e4d4f9ed0530eae0fc382eccfed8a72906a67b0c57b919b
- SSDEEP
  
  49152:8lHNiTu2rgJ28h1XyAZvz2zX1BqEKuDmvyG7:86Tfu2OzcFBqxEmqq
Score

9^/10

evasion persistence spyware stealer upx
- Grants admin privileges
  Uses net.exe to modify the user's privileges.
- Disables RegEdit via registry modification
  evasion
- Drops file in Drivers directory
- Executes dropped EXE
- Modifies RDP port number used by Windows
- Sets file execution options in registry
  persistence
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Account Manipulation

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Remote Desktop Protocol

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealerupx

behavioral2

evasionpersistencespywarestealerupx

© 2018-2024

Terms | Privacy