8688cae5f3d97116fa5f1f7e18b02073303a2837f2420c71b7daf4fc3d8dd2c9 | Triage

Submit
Reports

Overview

overview

8

Static

static

8688cae5f3...c9.exe

windows7-x64

8

8688cae5f3...c9.exe

windows10-2004-x64

8

Sharing

General

Target

8688cae5f3d97116fa5f1f7e18b02073303a2837f2420c71b7daf4fc3d8dd2c9
Size

537KB
Sample

221201-b7dveadc53
MD5

e34be37ea56e90609c46364e91aec143
SHA1

3cc3d72c992f1672a9ace87fdf58ca94116850eb
SHA256

8688cae5f3d97116fa5f1f7e18b02073303a2837f2420c71b7daf4fc3d8dd2c9
SHA512

599e67b50ee5e9175623fcb5cf793ee47c9d68bb8d6ca2fdbaf0371df360efa02016819e5c3956d73c0e129e088d45f10e336864ff2d0853a970132ab9d4f172
SSDEEP

6144:b1dlZro5yCncLWo64/ZnbraJ8xqzH8wAhLoDv1W8yng98EauDKkMpZ7e8CUfnIXY:b1dlZo5yWcO4Nhxq7ZvAWRxwS4nUX28i

Score

8^/10

spyware stealer upx

Static task

static1

Behavioral task

behavioral1

Sample

8688cae5f3d97116fa5f1f7e18b02073303a2837f2420c71b7daf4fc3d8dd2c9.exe

Resource

win7-20220901-en

spyware stealer upx

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

8688cae5f3d97116fa5f1f7e18b02073303a2837f2420c71b7daf4fc3d8dd2c9.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  8688cae5f3d97116fa5f1f7e18b02073303a2837f2420c71b7daf4fc3d8dd2c9
- Size
  
  537KB
- MD5
  
  e34be37ea56e90609c46364e91aec143
- SHA1
  
  3cc3d72c992f1672a9ace87fdf58ca94116850eb
- SHA256
  
  8688cae5f3d97116fa5f1f7e18b02073303a2837f2420c71b7daf4fc3d8dd2c9
- SHA512
  
  599e67b50ee5e9175623fcb5cf793ee47c9d68bb8d6ca2fdbaf0371df360efa02016819e5c3956d73c0e129e088d45f10e336864ff2d0853a970132ab9d4f172
- SSDEEP
  
  6144:b1dlZro5yCncLWo64/ZnbraJ8xqzH8wAhLoDv1W8yng98EauDKkMpZ7e8CUfnIXY:b1dlZo5yWcO4Nhxq7ZvAWRxwS4nUX28i
Score

8^/10

spyware stealer upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

spywarestealerupx

behavioral2

© 2018-2025

Terms | Privacy