ebb13c6320767291a2f1156acf6456b240d389ede54b53d9e148aa6b07a1152b | Triage

Submit
Reports

Overview

overview

8

Static

static

7

2b1f51db0d...88.exe

windows7-x64

8

2b1f51db0d...88.exe

windows10-2004-x64

8

Sharing

General

Target

85dfb3535a10b2c1a5688de6cc3d8240.bin
Size

380KB
Sample

230321-b12ynagc55
MD5

c4977208603c2d2d8b2c703aed955960
SHA1

d6fe6c6ad54681d7110dccf4f15173f76bc73312
SHA256

ebb13c6320767291a2f1156acf6456b240d389ede54b53d9e148aa6b07a1152b
SHA512

20ff0f6fe74dd9f6c5314a53532795373b0ccb02344a19d0a70ee5cc975e8bcad147f76db766c84d41e13b291afaa29ead97d7f030f4c34b13519fb4e5119aa5
SSDEEP

6144:Ts5zqYw4Sb7+gKB99TOTpKOB9QSZf4jqYROMUKqqamunMBO4DndRe7Bbj+OB2KWr:QZqJRaCp7B9QEAjqYR9qqAME4juj+OM9

Score

8^/10

spyware stealer upx vmprotect

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2b1f51db0db5312003d88a9098344664f516cc3d6fee0fcc05dcb4de74521e88.exe

Resource

win7-20230220-en

spyware stealer upx vmprotect

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

2b1f51db0db5312003d88a9098344664f516cc3d6fee0fcc05dcb4de74521e88.exe

Resource

win10v2004-20230220-en

spyware stealer upx vmprotect

windows10-2004-x64

18 signatures

150 seconds

Malware Config

Targets

- Target
  
  2b1f51db0db5312003d88a9098344664f516cc3d6fee0fcc05dcb4de74521e88.exe
- Size
  
  386KB
- MD5
  
  85dfb3535a10b2c1a5688de6cc3d8240
- SHA1
  
  16b2f3641ef3e1e94a437b1cf6ad8999eec367e7
- SHA256
  
  2b1f51db0db5312003d88a9098344664f516cc3d6fee0fcc05dcb4de74521e88
- SHA512
  
  d8cd83c0fa0b40e00931a2e6ae50fc4b9c4d710b6bdb069397266b55313f3534f57401bcb1665f04177a778e618e9a0bf875c1e53934e2b08be6bee0c74cfa51
- SSDEEP
  
  12288:PX4fljUcdN3yWSxAQQouKSFglssknxP4My/SmfV:PEBb3QpjOF4X/Sm
Score

8^/10

spyware stealer upx vmprotect
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywarestealerupxvmprotect

behavioral2

spywarestealerupxvmprotect

© 2018-2024

Terms | Privacy