fd26ac6195c1f9e8e93c9cf1209ffb3e16813cee77fe036fd75a48a63dbc9d25 | Triage

Submit
Reports

Overview

overview

8

Static

static

fd26ac6195...25.exe

windows7-x64

8

fd26ac6195...25.exe

windows10-2004-x64

8

Sharing

General

Target

fd26ac6195c1f9e8e93c9cf1209ffb3e16813cee77fe036fd75a48a63dbc9d25
Size

1.4MB
Sample

221126-k5nfhafh76
MD5

09a4b760f38d1f654e5df983e4101a1b
SHA1

aca0681e4de078ddc681246855cc1c3312b59a06
SHA256

fd26ac6195c1f9e8e93c9cf1209ffb3e16813cee77fe036fd75a48a63dbc9d25
SHA512

8d26f286335aa477dd415d4e9560cb220870be5c2149c755b924b92cb61a724ce14ecaf3693864006417a0726df230c11588cea83a19ea0457c549388cc27cfa
SSDEEP

24576:m4j2oS3QZvV7+J7xBkpMZQtORwX01dkHQlNgChbqgxIiRoMwsuw:GW8h/iORy01dkHQlNlNqgJ3v

Score

8^/10

discovery persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

fd26ac6195c1f9e8e93c9cf1209ffb3e16813cee77fe036fd75a48a63dbc9d25.exe

Resource

win7-20220812-en

discovery persistence spyware stealer upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

fd26ac6195c1f9e8e93c9cf1209ffb3e16813cee77fe036fd75a48a63dbc9d25.exe

Resource

win10v2004-20220812-en

discovery persistence spyware stealer upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  fd26ac6195c1f9e8e93c9cf1209ffb3e16813cee77fe036fd75a48a63dbc9d25
- Size
  
  1.4MB
- MD5
  
  09a4b760f38d1f654e5df983e4101a1b
- SHA1
  
  aca0681e4de078ddc681246855cc1c3312b59a06
- SHA256
  
  fd26ac6195c1f9e8e93c9cf1209ffb3e16813cee77fe036fd75a48a63dbc9d25
- SHA512
  
  8d26f286335aa477dd415d4e9560cb220870be5c2149c755b924b92cb61a724ce14ecaf3693864006417a0726df230c11588cea83a19ea0457c549388cc27cfa
- SSDEEP
  
  24576:m4j2oS3QZvV7+J7xBkpMZQtORwX01dkHQlNgChbqgxIiRoMwsuw:GW8h/iORy01dkHQlNlNqgJ3v
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

discoverypersistencespywarestealerupx

© 2018-2024

Terms | Privacy