f542b85da75ff44e12a3972d08fb2ae9ac5049a98f3882792c19cc29972df9ea | Triage

Submit
Reports

Overview

overview

7

Static

static

3

setup.exe

windows7-x64

7

setup.exe

windows10-2004-x64

7

Sharing

General

Target

setup.exe
Size

13.9MB
Sample

230205-l8994scd6s
MD5

7337cdeea4a3320fd7829e5329351ed2
SHA1

2eb77e60c8c524f2d942f3511221bd7a1814f38d
SHA256

f542b85da75ff44e12a3972d08fb2ae9ac5049a98f3882792c19cc29972df9ea
SHA512

53951883c3dafc291b8b34a28585dfee405b19f9476c97104bf86ed75b496fc4e8b75dfa44dd9d7e4c3b04361b6c2dbc8898a8fad248998753c64af3e73ece7f
SSDEEP

196608:+9XZAlqpb7KX/x1HhyehNJm3AqdKDnO8NpkSgsAGKaR2uDmytamPUkVOxbOvEbe8:4ZAlqYXJBb/m3pgDOEkSgsvj7M+wKYH

Score

7^/10

persistence pyinstaller spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

setup.exe

Resource

win7-20221111-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

setup.exe

Resource

win10v2004-20220812-en

persistence spyware stealer upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  setup.exe
- Size
  
  13.9MB
- MD5
  
  7337cdeea4a3320fd7829e5329351ed2
- SHA1
  
  2eb77e60c8c524f2d942f3511221bd7a1814f38d
- SHA256
  
  f542b85da75ff44e12a3972d08fb2ae9ac5049a98f3882792c19cc29972df9ea
- SHA512
  
  53951883c3dafc291b8b34a28585dfee405b19f9476c97104bf86ed75b496fc4e8b75dfa44dd9d7e4c3b04361b6c2dbc8898a8fad248998753c64af3e73ece7f
- SSDEEP
  
  196608:+9XZAlqpb7KX/x1HhyehNJm3AqdKDnO8NpkSgsAGKaR2uDmytamPUkVOxbOvEbe8:4ZAlqYXJBb/m3pgDOEkSgsvj7M+wKYH
Score

7^/10

upx persistence spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2

persistencespywarestealerupx

© 2018-2024

Terms | Privacy