84f7ee2c9b64264fa7604dcd35bbb6f09e8fb1055723962f8b30c3470eb72558 | Triage

Submit
Reports

Overview

overview

8

Static

static

84f7ee2c9b...58.exe

windows7-x64

8

84f7ee2c9b...58.exe

windows10-2004-x64

8

Sharing

General

Target

84f7ee2c9b64264fa7604dcd35bbb6f09e8fb1055723962f8b30c3470eb72558
Size

1.2MB
Sample

221129-hcdpgsdh88
MD5

e27581132b3110c6445ca7cf95beed53
SHA1

0e10b267e2cf783a2d43ff4878e3fe38b30a9a32
SHA256

84f7ee2c9b64264fa7604dcd35bbb6f09e8fb1055723962f8b30c3470eb72558
SHA512

8e2bc3142be8f9db8729591d46c32c110f0a9440a1fb06446ef77f41679d6796fe9a6aa50971264e78067dd2c9dd36b218890aa47617740aefebfe8d3f73fc9e
SSDEEP

24576:DuzgnN3hihz3DBkXwm7GfH5wAmrlEyXdXAr:D5nN3Eh3dkXwm7G/5arl4

Score

8^/10

discovery persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

84f7ee2c9b64264fa7604dcd35bbb6f09e8fb1055723962f8b30c3470eb72558.exe

Resource

win7-20221111-en

discovery persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

84f7ee2c9b64264fa7604dcd35bbb6f09e8fb1055723962f8b30c3470eb72558.exe

Resource

win10v2004-20220812-en

discovery persistence spyware stealer upx

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  84f7ee2c9b64264fa7604dcd35bbb6f09e8fb1055723962f8b30c3470eb72558
- Size
  
  1.2MB
- MD5
  
  e27581132b3110c6445ca7cf95beed53
- SHA1
  
  0e10b267e2cf783a2d43ff4878e3fe38b30a9a32
- SHA256
  
  84f7ee2c9b64264fa7604dcd35bbb6f09e8fb1055723962f8b30c3470eb72558
- SHA512
  
  8e2bc3142be8f9db8729591d46c32c110f0a9440a1fb06446ef77f41679d6796fe9a6aa50971264e78067dd2c9dd36b218890aa47617740aefebfe8d3f73fc9e
- SSDEEP
  
  24576:DuzgnN3hihz3DBkXwm7GfH5wAmrlEyXdXAr:D5nN3Eh3dkXwm7G/5arl4
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

discoverypersistencespywarestealerupx

© 2018-2024

Terms | Privacy