d16252f2f50c4de305f9fbc3ec622f6c273ced080da7824e3552e5a058a9d416 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d16252f2f50c4de305f9fbc3ec622f6c273ced080da7824e3552e5a058a9d416
Size

1.4MB
Sample

221127-zv2mpsdb7t
MD5

ddc8af4bf7834642dc00cd0ad8aae7ba
SHA1

55a0c0e22c4eec9622e6b4027a8ddc0179a350bb
SHA256

d16252f2f50c4de305f9fbc3ec622f6c273ced080da7824e3552e5a058a9d416
SHA512

f3d40bedfadc0e54f463b7c1916d68180dabd1a7d98f8206e207f7a2f75b2cec4262e44a40e3b43200f563dc3cdd1cf0756198ee526ef55c0c5bbbbc61974ae3
SSDEEP

12288:BdTUP+GnzU4f6Rkl5iP1WA4prXIO2DAvEPCHoAucEmm/TJm38J3jjZZJL2yWT8fD:BZ860FA4TMAs9WYJm38JTnwyW8ou

Score

8^/10

discovery persistence spyware stealer upx

Malware Config

Targets

- Target
  
  d16252f2f50c4de305f9fbc3ec622f6c273ced080da7824e3552e5a058a9d416
- Size
  
  1.4MB
- MD5
  
  ddc8af4bf7834642dc00cd0ad8aae7ba
- SHA1
  
  55a0c0e22c4eec9622e6b4027a8ddc0179a350bb
- SHA256
  
  d16252f2f50c4de305f9fbc3ec622f6c273ced080da7824e3552e5a058a9d416
- SHA512
  
  f3d40bedfadc0e54f463b7c1916d68180dabd1a7d98f8206e207f7a2f75b2cec4262e44a40e3b43200f563dc3cdd1cf0756198ee526ef55c0c5bbbbc61974ae3
- SSDEEP
  
  12288:BdTUP+GnzU4f6Rkl5iP1WA4prXIO2DAvEPCHoAucEmm/TJm38J3jjZZJL2yWT8fD:BZ860FA4TMAs9WYJm38JTnwyW8ou
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

discoverypersistencespywarestealerupx