39f63f5062941775fe552b89cc9c0353419aef6ab82ac3e0fea59dcc81fb7101 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

SpyHunter-...er.exe

windows10-2004-x64

8

Sharing

General

Target

SpyHunter-Installer.exe
Size

6.5MB
Sample

230208-cam79agg23
MD5

7c2eac93b7c112843a9de22aaa1d5c40
SHA1

217423244567f3f165f14b848f80fab68f76f6f4
SHA256

39f63f5062941775fe552b89cc9c0353419aef6ab82ac3e0fea59dcc81fb7101
SHA512

3090d3126ebb86e2e87c1f2ac22fec78531c26db14c1c8ff7a4aebac15f1d46d325cd12e4279e2120312a4b05a09e648f55c8d2984e278f1ad96a75276a8266a
SSDEEP

98304:3RDPRnFw3x1ymwmD1wTDVp9qcY/ZFwqvcJWzpIxdA1tPNZPDbhH1ox:3HneB1ymwTNbqcY/oqvcJWmxd89HKx

Score

8^/10

discovery evasion persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

SpyHunter-Installer.exe

Resource

win10v2004-20220812-es

discovery evasion persistence spyware stealer trojan

windows10-2004-x64

23 signatures

1800 seconds

Malware Config

Targets

- Target
  
  SpyHunter-Installer.exe
- Size
  
  6.5MB
- MD5
  
  7c2eac93b7c112843a9de22aaa1d5c40
- SHA1
  
  217423244567f3f165f14b848f80fab68f76f6f4
- SHA256
  
  39f63f5062941775fe552b89cc9c0353419aef6ab82ac3e0fea59dcc81fb7101
- SHA512
  
  3090d3126ebb86e2e87c1f2ac22fec78531c26db14c1c8ff7a4aebac15f1d46d325cd12e4279e2120312a4b05a09e648f55c8d2984e278f1ad96a75276a8266a
- SSDEEP
  
  98304:3RDPRnFw3x1ymwmD1wTDVp9qcY/ZFwqvcJWzpIxdA1tPNZPDbhH1ox:3HneB1ymwTNbqcY/oqvcJWmxd89HKx
Score

8^/10

discovery evasion persistence spyware stealer trojan
- Creates new service(s)
  persistence
- Drops file in Drivers directory
- Patched UPX-packed file
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Registers COM server for autorun
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

New Service

Registry Run Keys / Startup Folder

Privilege Escalation

New Service

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryevasionpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy