749635fd11938a4ea105ad99f9a706d4a47890c1ad428cf6125958ddc1744fbf | Triage

Submit
Reports

Overview

overview

Static

static

749635fd11...bf.exe

windows7-x64

749635fd11...bf.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

749635fd11938a4ea105ad99f9a706d4a47890c1ad428cf6125958ddc1744fbf
Size

771KB
Sample

221129-g1dtqafh8z
MD5

3ffad42e2e3cfd13037aa0533ed909f1
SHA1

603014c761d72273b6dec968b72b7a3df8dc7c83
SHA256

749635fd11938a4ea105ad99f9a706d4a47890c1ad428cf6125958ddc1744fbf
SHA512

8cf29b5ea9c8190a36e4d32af0320add230a73f5479d1340dd42c3f9819c6d1c2f84b19a5e4fbabe854cb528c621b45e95949be1ffc4880d785c2f4312e22376
SSDEEP

12288:uRYco+gunQUnykqVNeN24eq0P1FF/4mt6HhLJ:u2ZunQUnaVNeN2xnF/4JHhLJ

Score

10^/10

evasion persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

749635fd11938a4ea105ad99f9a706d4a47890c1ad428cf6125958ddc1744fbf.exe

Resource

win7-20221111-en

evasion persistence spyware stealer upx

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

749635fd11938a4ea105ad99f9a706d4a47890c1ad428cf6125958ddc1744fbf.exe

Resource

win10v2004-20220812-en

evasion persistence spyware stealer upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
keylogger

Targets

- Target
  
  749635fd11938a4ea105ad99f9a706d4a47890c1ad428cf6125958ddc1744fbf
- Size
  
  771KB
- MD5
  
  3ffad42e2e3cfd13037aa0533ed909f1
- SHA1
  
  603014c761d72273b6dec968b72b7a3df8dc7c83
- SHA256
  
  749635fd11938a4ea105ad99f9a706d4a47890c1ad428cf6125958ddc1744fbf
- SHA512
  
  8cf29b5ea9c8190a36e4d32af0320add230a73f5479d1340dd42c3f9819c6d1c2f84b19a5e4fbabe854cb528c621b45e95949be1ffc4880d785c2f4312e22376
- SSDEEP
  
  12288:uRYco+gunQUnykqVNeN24eq0P1FF/4mt6HhLJ:u2ZunQUnaVNeN2xnF/4JHhLJ
Score

10^/10

evasion persistence spyware stealer upx
- Nirsoft
- Executes dropped EXE
- Modifies Windows Firewall
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealerupx

behavioral2

evasionpersistencespywarestealerupx

© 2018-2025

Terms | Privacy