a17646989a98441e7af835c62a148cfd1c3936a5dfc79cdd76f340e1b42b1c88 | Triage

Submit
Reports

Overview

overview

Static

static

8

a17646989a...88.exe

windows7-x64

a17646989a...88.exe

windows10-2004-x64

Sharing

General

Target

a17646989a98441e7af835c62a148cfd1c3936a5dfc79cdd76f340e1b42b1c88
Size

853KB
Sample

221205-jlbrxsdf2z
MD5

6a8e6b872ccb683aaf31b19bd2151b56
SHA1

22fa0fc7b33047041c4947b06af29fffbb3d9e6a
SHA256

a17646989a98441e7af835c62a148cfd1c3936a5dfc79cdd76f340e1b42b1c88
SHA512

7cd065d465caebfb9c0877e13cce89ac0383ccc2b74f0052737890a5a9fd1eaf33840def251364bd43d72a741a5835960906bcd98ab17dc24847933ed5273e31
SSDEEP

6144:0uIlWqB+ihabs7Ch9KwyF5LeLodp2D1Mmakda0qLPHkwix1hKZ5xl4g6:f6Wq4aaE6KwyF5L0Y2D1PqLYx1ha3l4X

Score

10^/10

evasion persistence spyware stealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a17646989a98441e7af835c62a148cfd1c3936a5dfc79cdd76f340e1b42b1c88.exe

Resource

win7-20220901-en

evasion persistence spyware stealer trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

a17646989a98441e7af835c62a148cfd1c3936a5dfc79cdd76f340e1b42b1c88.exe

Resource

win10v2004-20220812-en

evasion persistence spyware stealer trojan upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  a17646989a98441e7af835c62a148cfd1c3936a5dfc79cdd76f340e1b42b1c88
- Size
  
  853KB
- MD5
  
  6a8e6b872ccb683aaf31b19bd2151b56
- SHA1
  
  22fa0fc7b33047041c4947b06af29fffbb3d9e6a
- SHA256
  
  a17646989a98441e7af835c62a148cfd1c3936a5dfc79cdd76f340e1b42b1c88
- SHA512
  
  7cd065d465caebfb9c0877e13cce89ac0383ccc2b74f0052737890a5a9fd1eaf33840def251364bd43d72a741a5835960906bcd98ab17dc24847933ed5273e31
- SSDEEP
  
  6144:0uIlWqB+ihabs7Ch9KwyF5LeLodp2D1Mmakda0qLPHkwix1hKZ5xl4g6:f6Wq4aaE6KwyF5L0Y2D1PqLYx1ha3l4X
Score

10^/10

evasion persistence spyware stealer trojan upx
- UAC bypass
  evasion trojan
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealertrojanupx

behavioral2

evasionpersistencespywarestealertrojanupx

© 2018-2024

Terms | Privacy