fb02c1fb8d5e5579c507a89225d507f406c4640032f501503d871a7e4fb7c4be | Triage

Sharing

General

Target

fb02c1fb8d5e5579c507a89225d507f406c4640032f501503d871a7e4fb7c4be
Size

1.3MB
Sample

221128-etre5aaa3w
MD5

6c68f1c23170704526f38d5af4c7b13a
SHA1

c7f228ab56140478883230d38bd1254fcb351562
SHA256

fb02c1fb8d5e5579c507a89225d507f406c4640032f501503d871a7e4fb7c4be
SHA512

94a5a9d8acad493a6774e6f230b3a267e550c0fdd68030f46b4a2e1df8bf31759aaa037e781bb0dbcace4f319d482148ad202ee761a9483d1cbf3b7970291b3b
SSDEEP

24576:mRDUcBT5kTEdbyZGt02sU+KoCWU65mSS4YnwKaAkdayJsZsUe:Gnx5kTobyZmPvpWU6MSS4OwKaAkdWsr

Score

8^/10

discovery persistence spyware stealer upx

Malware Config

Targets

- Target
  
  fb02c1fb8d5e5579c507a89225d507f406c4640032f501503d871a7e4fb7c4be
- Size
  
  1.3MB
- MD5
  
  6c68f1c23170704526f38d5af4c7b13a
- SHA1
  
  c7f228ab56140478883230d38bd1254fcb351562
- SHA256
  
  fb02c1fb8d5e5579c507a89225d507f406c4640032f501503d871a7e4fb7c4be
- SHA512
  
  94a5a9d8acad493a6774e6f230b3a267e550c0fdd68030f46b4a2e1df8bf31759aaa037e781bb0dbcace4f319d482148ad202ee761a9483d1cbf3b7970291b3b
- SSDEEP
  
  24576:mRDUcBT5kTEdbyZGt02sU+KoCWU65mSS4YnwKaAkdayJsZsUe:Gnx5kTobyZmPvpWU6MSS4OwKaAkdWsr
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

discoverypersistencespywarestealerupx