af6d35c90e724f420b2c7429ba4d347a1ad1f00d8de0b8cfe23a6e7a343ca6d5 | Triage

Sharing

General

Target

af6d35c90e724f420b2c7429ba4d347a1ad1f00d8de0b8cfe23a6e7a343ca6d5
Size

169KB
Sample

221204-mpp1habb83
MD5

dfee4e89c441a69720ab9f747e249383
SHA1

afcef05418af54ba7072a8c3ef2c7bb5df62ffae
SHA256

af6d35c90e724f420b2c7429ba4d347a1ad1f00d8de0b8cfe23a6e7a343ca6d5
SHA512

ee6743eb3b415d63f2259697232abbfe4e871a63095ac82396b00f76b2a45673998c57add989e577329db3e78f320a23ee9fd025488aaf14245c778bb7ea23cd
SSDEEP

3072:nhE+PBd+GPAXyvC9pwN9CNQn9pIdijFzrftGe8pvrSfXVw0lT5/ErPpNg8F:nKkb+AKw+GIdijFzrseyWp5/Is8

Score

10^/10

persistence spyware stealer upx

Malware Config

Targets

- Target
  
  af6d35c90e724f420b2c7429ba4d347a1ad1f00d8de0b8cfe23a6e7a343ca6d5
- Size
  
  169KB
- MD5
  
  dfee4e89c441a69720ab9f747e249383
- SHA1
  
  afcef05418af54ba7072a8c3ef2c7bb5df62ffae
- SHA256
  
  af6d35c90e724f420b2c7429ba4d347a1ad1f00d8de0b8cfe23a6e7a343ca6d5
- SHA512
  
  ee6743eb3b415d63f2259697232abbfe4e871a63095ac82396b00f76b2a45673998c57add989e577329db3e78f320a23ee9fd025488aaf14245c778bb7ea23cd
- SSDEEP
  
  3072:nhE+PBd+GPAXyvC9pwN9CNQn9pIdijFzrftGe8pvrSfXVw0lT5/ErPpNg8F:nKkb+AKw+GIdijFzrseyWp5/Is8
Score

10^/10

persistence spyware stealer upx
- Modifies WinLogon for persistence
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealerupx

behavioral2