afe417d9b8c9f9f27d1054e10e28c1305ef3f64bf9a892c6c907a18196da4f96 | Triage

Submit
Reports

Overview

overview

8

Static

static

afe417d9b8...96.exe

windows7-x64

8

afe417d9b8...96.exe

windows10-2004-x64

8

Sharing

General

Target

afe417d9b8c9f9f27d1054e10e28c1305ef3f64bf9a892c6c907a18196da4f96
Size

1.1MB
Sample

221130-29pykaha7y
MD5

ac653fbd0004cfd423ec5ec6d6aa49bd
SHA1

630f6f54bc37cec74a77a1c32b579e8acbd1cccc
SHA256

afe417d9b8c9f9f27d1054e10e28c1305ef3f64bf9a892c6c907a18196da4f96
SHA512

80ddc72e9c7c477cc93e99c18d7351727ddcff831a95a30a121598af2ef03ea14fb99b3a6ce06e82f68121b314ce1f49a311b94d81ffaea765c7aa725476d556
SSDEEP

24576:p+wFXp/7WJU45bvLl18mRPCVRJLoBQzIXstTIUIDaTub:4wFZ/7WJU45bvLl18mRaVLQHXstTIU5K

Score

8^/10

discovery persistence spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

afe417d9b8c9f9f27d1054e10e28c1305ef3f64bf9a892c6c907a18196da4f96.exe

Resource

win7-20221111-en

discovery persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

afe417d9b8c9f9f27d1054e10e28c1305ef3f64bf9a892c6c907a18196da4f96.exe

Resource

win10v2004-20221111-en

discovery persistence spyware stealer upx

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  afe417d9b8c9f9f27d1054e10e28c1305ef3f64bf9a892c6c907a18196da4f96
- Size
  
  1.1MB
- MD5
  
  ac653fbd0004cfd423ec5ec6d6aa49bd
- SHA1
  
  630f6f54bc37cec74a77a1c32b579e8acbd1cccc
- SHA256
  
  afe417d9b8c9f9f27d1054e10e28c1305ef3f64bf9a892c6c907a18196da4f96
- SHA512
  
  80ddc72e9c7c477cc93e99c18d7351727ddcff831a95a30a121598af2ef03ea14fb99b3a6ce06e82f68121b314ce1f49a311b94d81ffaea765c7aa725476d556
- SSDEEP
  
  24576:p+wFXp/7WJU45bvLl18mRPCVRJLoBQzIXstTIUIDaTub:4wFZ/7WJU45bvLl18mRaVLQHXstTIU5K
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

discoverypersistencespywarestealerupx

© 2018-2025

Terms | Privacy