249cc9266aef91567f39cc71e6d1db73347cac9ec6f2aa95e2e4fc5c64a1f766 | Triage

Submit
Reports

Overview

overview

8

Static

static

249cc9266a...66.exe

windows7-x64

8

249cc9266a...66.exe

windows10-2004-x64

8

Sharing

General

Target

249cc9266aef91567f39cc71e6d1db73347cac9ec6f2aa95e2e4fc5c64a1f766
Size

813KB
Sample

221127-t1sdbsbg72
MD5

a82b5a3878afc0cc0f339424cd39daf9
SHA1

43e2aa0072eef60a6261ee2b4455637bfe857444
SHA256

249cc9266aef91567f39cc71e6d1db73347cac9ec6f2aa95e2e4fc5c64a1f766
SHA512

d21930e1d6019af4f2850779b980b429edc66ffda7f37d7fb468eedeac9c8851f078041f268eaf4424739357c7259046ecff2798c177ae2284ef04c72ef6465c
SSDEEP

12288:rN2YioqA70wC6qtf3m8FutpPfKTMpIS+ph6AzKygyTpdhJw6MBgZBQ8kVNcu:Y0qA7Gm8FuXf3pIS+d6kGUBQ8V

Score

8^/10

discovery persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

249cc9266aef91567f39cc71e6d1db73347cac9ec6f2aa95e2e4fc5c64a1f766.exe

Resource

win7-20221111-en

discovery persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

249cc9266aef91567f39cc71e6d1db73347cac9ec6f2aa95e2e4fc5c64a1f766.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  249cc9266aef91567f39cc71e6d1db73347cac9ec6f2aa95e2e4fc5c64a1f766
- Size
  
  813KB
- MD5
  
  a82b5a3878afc0cc0f339424cd39daf9
- SHA1
  
  43e2aa0072eef60a6261ee2b4455637bfe857444
- SHA256
  
  249cc9266aef91567f39cc71e6d1db73347cac9ec6f2aa95e2e4fc5c64a1f766
- SHA512
  
  d21930e1d6019af4f2850779b980b429edc66ffda7f37d7fb468eedeac9c8851f078041f268eaf4424739357c7259046ecff2798c177ae2284ef04c72ef6465c
- SSDEEP
  
  12288:rN2YioqA70wC6qtf3m8FutpPfKTMpIS+ph6AzKygyTpdhJw6MBgZBQ8kVNcu:Y0qA7Gm8FuXf3pIS+d6kGUBQ8V
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

© 2018-2024

Terms | Privacy