ef3cf9b1309c754f3739242335ab6a284da8fafcd6a2f0dca017925368943638 | Triage

Sharing

General

Target

ef3cf9b1309c754f3739242335ab6a284da8fafcd6a2f0dca017925368943638
Size

1.4MB
Sample

221126-k5sp8afh79
MD5

51f0026646ed8028e88f6b972c6cf8ad
SHA1

a4bcd282455bf0dc4aca3b68d7296b7b1375ec15
SHA256

ef3cf9b1309c754f3739242335ab6a284da8fafcd6a2f0dca017925368943638
SHA512

a67087ee9ac844175c68f32d11709f32bd6258c641c7a8b88b3dcf64823bf208b2eca1a6eb7ebfd6dfa718ed074a3eb9d96b10e5c8a8ec2639453ac6e7336afc
SSDEEP

12288:+nbZvgTLIlRpBn43SNlj3pnd3kraSbeQFLsZIs9EO0yafGfGtA5boSEhMm:+BuLIH/RNV5niWSbe6sicVaGYiboSwMm

Score

8^/10

discovery persistence spyware stealer upx

Malware Config

Targets

- Target
  
  ef3cf9b1309c754f3739242335ab6a284da8fafcd6a2f0dca017925368943638
- Size
  
  1.4MB
- MD5
  
  51f0026646ed8028e88f6b972c6cf8ad
- SHA1
  
  a4bcd282455bf0dc4aca3b68d7296b7b1375ec15
- SHA256
  
  ef3cf9b1309c754f3739242335ab6a284da8fafcd6a2f0dca017925368943638
- SHA512
  
  a67087ee9ac844175c68f32d11709f32bd6258c641c7a8b88b3dcf64823bf208b2eca1a6eb7ebfd6dfa718ed074a3eb9d96b10e5c8a8ec2639453ac6e7336afc
- SSDEEP
  
  12288:+nbZvgTLIlRpBn43SNlj3pnd3kraSbeQFLsZIs9EO0yafGfGtA5boSEhMm:+BuLIH/RNV5niWSbe6sicVaGYiboSwMm
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealer

behavioral2

discoverypersistencespywarestealerupx