0e43fde459bde11b1ae07a881a27718406cf5e7a6433b151d555f697d8501604 | Triage

Submit
Reports

Overview

overview

8

Static

static

5

0e43fde459...04.exe

windows7-x64

5

0e43fde459...04.exe

windows10-2004-x64

8

Sharing

General

Target

0e43fde459bde11b1ae07a881a27718406cf5e7a6433b151d555f697d8501604
Size

2.8MB
Sample

221128-mtv3bagd83
MD5

5bf1ac8aeb2e05df61c581340cbbae76
SHA1

bfd0e18006c4a031509522e288a51eca071caf53
SHA256

0e43fde459bde11b1ae07a881a27718406cf5e7a6433b151d555f697d8501604
SHA512

d805d8cd262baea47e894265b380ce3245a739e7c30c3ef3f4118a66d3dc29ae4107ef802dfbf8fc3a1def1843825acdfb4a4342b416c1821b39a842528a2d05
SSDEEP

49152:AbCjPKNqQwb7N36AlP/VXh+UfhnNW5que5xuv:oCjPKNL

Score

8^/10

collection spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0e43fde459bde11b1ae07a881a27718406cf5e7a6433b151d555f697d8501604.exe

Resource

win7-20221111-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

0e43fde459bde11b1ae07a881a27718406cf5e7a6433b151d555f697d8501604.exe

Resource

win10v2004-20221111-en

collection spyware stealer upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  0e43fde459bde11b1ae07a881a27718406cf5e7a6433b151d555f697d8501604
- Size
  
  2.8MB
- MD5
  
  5bf1ac8aeb2e05df61c581340cbbae76
- SHA1
  
  bfd0e18006c4a031509522e288a51eca071caf53
- SHA256
  
  0e43fde459bde11b1ae07a881a27718406cf5e7a6433b151d555f697d8501604
- SHA512
  
  d805d8cd262baea47e894265b380ce3245a739e7c30c3ef3f4118a66d3dc29ae4107ef802dfbf8fc3a1def1843825acdfb4a4342b416c1821b39a842528a2d05
- SSDEEP
  
  49152:AbCjPKNqQwb7N36AlP/VXh+UfhnNW5que5xuv:oCjPKNL
Score

8^/10

collection spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook accounts
  collection
- Checks for any installed AV software in registry
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

collectionspywarestealerupx

© 2018-2024

Terms | Privacy