afebf71d9de5c36bab85df48527ceae0326c28803af33ad6071fd34d8e693d25 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

afebf71d9de5c36bab85df48527ceae0326c28803af33ad6071fd34d8e693d25
Size

1.0MB
Sample

221204-gwalhagg2z
MD5

8ac309c04993381619b0194936f72c73
SHA1

2e93599455f88ece36f45a8700f9fe19e52aacb3
SHA256

afebf71d9de5c36bab85df48527ceae0326c28803af33ad6071fd34d8e693d25
SHA512

23433e31b6ecc61ccde21b261cd6efadfa885af97b5844b8eb87fa804f0e28db94796633cf22683d3aeb4b45643bbd224b45e7d23bce7ec2a34ad990336ca6de
SSDEEP

24576:1dm3Slw+wAnNRRTjkro9sNB9SSMA/ocUKNp1/8h6tD+a89:1dmOXR8ro9sNBcA/oc/p1b6z9

Score

8^/10

discovery persistence spyware stealer upx

Malware Config

Targets

- Target
  
  afebf71d9de5c36bab85df48527ceae0326c28803af33ad6071fd34d8e693d25
- Size
  
  1.0MB
- MD5
  
  8ac309c04993381619b0194936f72c73
- SHA1
  
  2e93599455f88ece36f45a8700f9fe19e52aacb3
- SHA256
  
  afebf71d9de5c36bab85df48527ceae0326c28803af33ad6071fd34d8e693d25
- SHA512
  
  23433e31b6ecc61ccde21b261cd6efadfa885af97b5844b8eb87fa804f0e28db94796633cf22683d3aeb4b45643bbd224b45e7d23bce7ec2a34ad990336ca6de
- SSDEEP
  
  24576:1dm3Slw+wAnNRRTjkro9sNB9SSMA/ocUKNp1/8h6tD+a89:1dmOXR8ro9sNBcA/oc/p1b6z9
Score

8^/10

discovery persistence spyware stealer upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2