8393ea09538a5a4f2c88239b98868d76cad4e969d71069991dbae33adb9124fa | Triage

Submit
Reports

Overview

overview

8

Static

static

8393ea0953...fa.exe

windows7-x64

8

8393ea0953...fa.exe

windows10-2004-x64

8

Sharing

General

Target

8393ea09538a5a4f2c88239b98868d76cad4e969d71069991dbae33adb9124fa
Size

1.4MB
Sample

221126-k6s3daga26
MD5

1283027fd55362a26549f23cad21996e
SHA1

2c268ac1c4484e5bef4d9b6ba1217cfc291411f2
SHA256

8393ea09538a5a4f2c88239b98868d76cad4e969d71069991dbae33adb9124fa
SHA512

abc294cfc817b7cbf9cec280d927bbf291d841d53f9bcf4e814d5fa69181e908f9e7b48c2acdb52b86cf2195ae1bf9f3903bc1c038f4704a9e89188c318f2d2e
SSDEEP

24576:EewiOzZEixRB/ucgkRSWZDIaOpVIvaZVK:EHX3DgYFDIJr0aZY

Score

8^/10

discovery persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

8393ea09538a5a4f2c88239b98868d76cad4e969d71069991dbae33adb9124fa.exe

Resource

win7-20220812-en

discovery persistence spyware stealer upx

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

8393ea09538a5a4f2c88239b98868d76cad4e969d71069991dbae33adb9124fa.exe

Resource

win10v2004-20220812-en

discovery persistence spyware stealer upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  8393ea09538a5a4f2c88239b98868d76cad4e969d71069991dbae33adb9124fa
- Size
  
  1.4MB
- MD5
  
  1283027fd55362a26549f23cad21996e
- SHA1
  
  2c268ac1c4484e5bef4d9b6ba1217cfc291411f2
- SHA256
  
  8393ea09538a5a4f2c88239b98868d76cad4e969d71069991dbae33adb9124fa
- SHA512
  
  abc294cfc817b7cbf9cec280d927bbf291d841d53f9bcf4e814d5fa69181e908f9e7b48c2acdb52b86cf2195ae1bf9f3903bc1c038f4704a9e89188c318f2d2e
- SSDEEP
  
  24576:EewiOzZEixRB/ucgkRSWZDIaOpVIvaZVK:EHX3DgYFDIJr0aZY
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

discoverypersistencespywarestealerupx

© 2018-2024

Terms | Privacy