9f8f8c1afb93ef2734bc971f8e1ad829ef6f086a6137d5939afdbfeae02c8fe6 | Triage

Sharing

General

Target

9f8f8c1afb93ef2734bc971f8e1ad829ef6f086a6137d5939afdbfeae02c8fe6
Size

1.4MB
Sample

221126-k6fr2sfh95
MD5

3a1f26ef99fa18e418f4975d8a28cdd8
SHA1

9ba72da9c145f92dfec694a155f39a3de4436f3e
SHA256

9f8f8c1afb93ef2734bc971f8e1ad829ef6f086a6137d5939afdbfeae02c8fe6
SHA512

691d58386a169194ed84e16951993a8bcbf5b5379a66efb9f01ec0a79f14f4158cdd9608ddd8d6481530f4f16b18261614c89b6141788700ea3c478989e5dc6c
SSDEEP

24576:QzbmlhO/p9J5e9An87zFAobnoKGMyaEexYqPtBxcVmqJ4/ru:Qzb8hOnJxn87zFAojoKGMyaEA5BxPqJX

Score

8^/10

discovery persistence spyware stealer upx

Malware Config

Targets

- Target
  
  9f8f8c1afb93ef2734bc971f8e1ad829ef6f086a6137d5939afdbfeae02c8fe6
- Size
  
  1.4MB
- MD5
  
  3a1f26ef99fa18e418f4975d8a28cdd8
- SHA1
  
  9ba72da9c145f92dfec694a155f39a3de4436f3e
- SHA256
  
  9f8f8c1afb93ef2734bc971f8e1ad829ef6f086a6137d5939afdbfeae02c8fe6
- SHA512
  
  691d58386a169194ed84e16951993a8bcbf5b5379a66efb9f01ec0a79f14f4158cdd9608ddd8d6481530f4f16b18261614c89b6141788700ea3c478989e5dc6c
- SSDEEP
  
  24576:QzbmlhO/p9J5e9An87zFAobnoKGMyaEexYqPtBxcVmqJ4/ru:Qzb8hOnJxn87zFAojoKGMyaEA5BxPqJX
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

discoverypersistencespywarestealerupx