c5aec9cef86c2e699589bd39bb4a5f317326716ea2ae7dcb6c4802023b257dc4 | Triage

Sharing

General

Target

c5aec9cef86c2e699589bd39bb4a5f317326716ea2ae7dcb6c4802023b257dc4
Size

1.3MB
Sample

221128-gfyndsac38
MD5

76a5395375950946ec26af0b03ee1a6d
SHA1

622c77f7f73397a5a9e20f810796afd82b456b48
SHA256

c5aec9cef86c2e699589bd39bb4a5f317326716ea2ae7dcb6c4802023b257dc4
SHA512

093c9d970b2c419ee7b0088e7c1805853870b95e07f3b063038c590e0904b07ec1e28c1cabb0c020157957d5f18624d95e93b435c30cd23685cb93899e07107a
SSDEEP

24576:mX+eNy774FYoMxiDavzXCPWJVLaBfLkieqRqGul/pPuR+ds2sx:pj70F7MksdJJaBjVhqGubuR+C

Score

8^/10

discovery persistence spyware stealer upx

Malware Config

Targets

- Target
  
  c5aec9cef86c2e699589bd39bb4a5f317326716ea2ae7dcb6c4802023b257dc4
- Size
  
  1.3MB
- MD5
  
  76a5395375950946ec26af0b03ee1a6d
- SHA1
  
  622c77f7f73397a5a9e20f810796afd82b456b48
- SHA256
  
  c5aec9cef86c2e699589bd39bb4a5f317326716ea2ae7dcb6c4802023b257dc4
- SHA512
  
  093c9d970b2c419ee7b0088e7c1805853870b95e07f3b063038c590e0904b07ec1e28c1cabb0c020157957d5f18624d95e93b435c30cd23685cb93899e07107a
- SSDEEP
  
  24576:mX+eNy774FYoMxiDavzXCPWJVLaBfLkieqRqGul/pPuR+ds2sx:pj70F7MksdJJaBjVhqGubuR+C
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

discoverypersistencespywarestealerupx