571018b65a1137c05d0f256bc01ed26dc091e42b6cdcab8e91e9ff80d3da01d6 | Triage

Submit
Reports

Overview

overview

8

Static

static

IMG_4681_O...er.exe

windows10-1703-x64

8

IMG_4681_O...er.exe

windows7-x64

8

IMG_4681_O...er.exe

windows10-2004-x64

8

Resubmissions

12-01-2023 13:20

230112-qk7arsbg9w 8

12-01-2023 10:30

230112-mjzyhsbe5s 8

Sharing

General

Target

8766596152.zip
Size

32.3MB
Sample

230112-qk7arsbg9w
MD5

9dbffaa4510860fa9708724708fe27e6
SHA1

5cc281d25c2eb2f65a62689bd5c232437f4fe45d
SHA256

571018b65a1137c05d0f256bc01ed26dc091e42b6cdcab8e91e9ff80d3da01d6
SHA512

1b890861932b2d016727c66c13be259286baf7a481882207cdbb5a08c43d39106acda51416fa87b16706ebc04e3ffaa9f9bd5f6680a5aae4c1a6a3069d25ccc8
SSDEEP

786432:Y+Ug7GppLTZ6SE6xL5jSnFdz6Ja9pO+CA5WzawTFW:3EpLTZ6P6xdm6gT5Wzzc

Score

8^/10

spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

IMG_4681_One_Night_Stand_Li_Shaw - Hwang_Chung_Wa_Studio - By_Gal_Dong_Min_Photographer.exe

Resource

win10-20220901-en

windows10-1703-x64

4 signatures

300 seconds

Behavioral task

behavioral2

Sample

IMG_4681_One_Night_Stand_Li_Shaw - Hwang_Chung_Wa_Studio - By_Gal_Dong_Min_Photographer.exe

Resource

win7-20220812-en

spyware stealer

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral3

Sample

IMG_4681_One_Night_Stand_Li_Shaw - Hwang_Chung_Wa_Studio - By_Gal_Dong_Min_Photographer.exe

Resource

win10v2004-20221111-en

spyware stealer

windows10-2004-x64

12 signatures

300 seconds

Malware Config

Targets

- Target
  
  IMG_4681_One_Night_Stand_Li_Shaw - Hwang_Chung_Wa_Studio - By_Gal_Dong_Min_Photographer.exe
- Size
  
  153KB
- MD5
  
  37932fd952d6d845927f25f42cb3c628
- SHA1
  
  d0d7e1b7cfb13a0999ef4c4733b83275a1de2440
- SHA256
  
  cb807472bb6d4d1113fcbc209d6a08fa80ff9e53c83b1aa37f9d6f549affd68c
- SHA512
  
  403dce223d9cbb4241f21a773cfc55501e4141b161c3ba60397c75d533c3abbd420a8f526f6aac7f2a0a5b7b91361ed013641f0d40afc00680428db3c1dbb49b
- SSDEEP
  
  1536:UJSV1Mq4KjdA0ejIB+7YeEsczbruUdwpiOpiq3hlV:UJKMq4KjdA0ejIB2sbbiUqhrV
Score

8^/10

spyware stealer
- Executes dropped EXE
- Patched UPX-packed file
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

© 2018-2025

Terms | Privacy