General

  • Target: 74161da72b92f3dc29efa72b75dcf86c
  • Size: 19.9MB
  • Sample: 221125-d1vwfsha75
  • MD5: 74161da72b92f3dc29efa72b75dcf86c
  • SHA1: 8490c1331b1c40ce986306d5dda51670f93fd78c
  • SHA256: 6e83d9e27d565709d8ee5980ff30cd4db9f0ffaf57ff81fdcca468556e189ad2
  • SHA512: ced5b9e9358e9ebeed90d1f65fa994adcc55efb3ec9de1e382e671bd584777733ade7bb309031674797d68b8338cd79873a3e467a831ade9fb8159be96b58c5f
  • SSDEEP: 393216:Dowc0wiNiY5FZqOlRQKihdkdByFFCEJnBdTikjkDAWIjoS1SpyEeqBAClYljKAgA:pXbeOyFFCYBdTikgcWxS1OdeqGCluCAF

Malware Config

Targets

    • Target: 74161da72b92f3dc29efa72b75dcf86c
    • Size: 19.9MB
    • MD5: 74161da72b92f3dc29efa72b75dcf86c
    • SHA1: 8490c1331b1c40ce986306d5dda51670f93fd78c
    • SHA256: 6e83d9e27d565709d8ee5980ff30cd4db9f0ffaf57ff81fdcca468556e189ad2
    • SHA512: ced5b9e9358e9ebeed90d1f65fa994adcc55efb3ec9de1e382e671bd584777733ade7bb309031674797d68b8338cd79873a3e467a831ade9fb8159be96b58c5f
    • SSDEEP: 393216:Dowc0wiNiY5FZqOlRQKihdkdByFFCEJnBdTikjkDAWIjoS1SpyEeqBAClYljKAgA:pXbeOyFFCYBdTikgcWxS1OdeqGCluCAF

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Possible privilege escalation attempt

    • Sets file execution options in registry

    • Stops running service(s)

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Modifies file permissions

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

  • Scheduled Task (T1053): 1

Persistence

  • Registry Run Keys / Startup Folder (T1060): 1
  • Modify Existing Service (T1031): 1
  • Scheduled Task (T1053): 1
  • Hidden Files and Directories (T1158): 1

Privilege Escalation

  • Scheduled Task (T1053): 1

Defense Evasion

  • Modify Registry (T1112): 2
  • Impair Defenses (T1562): 1
  • File Permissions Modification (T1222): 1
  • Hidden Files and Directories (T1158): 1

Credential Access

  • Credentials in Files (T1081): 1

Discovery

  • Query Registry (T1012): 1
  • System Information Discovery (T1082): 2
  • Process Discovery (T1057): 1
  • Remote System Discovery (T1018): 1

Collection

  • Data from Local System (T1005): 1

Impact

  • Service Stop (T1489): 1

Tasks