640acc16dc4d5aa4163a4c994928347cdba1529129ef59f071f2f58a52e27659 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

Extreme_In...ta.exe

windows10-2004-x64

9

Extreme_In...ta.exe

ubuntu-18.04-amd64

Sharing

General

Target

Extreme_Injector_Beta.exe
Size

8.4MB
Sample

230326-2ew4dscc9z
MD5

38f42b32f33f5de210ca1e138cf63925
SHA1

e581bfbb5d325434102dedcf13a734c6529f11a2
SHA256

640acc16dc4d5aa4163a4c994928347cdba1529129ef59f071f2f58a52e27659
SHA512

13d1c35aac8e0440310d03b1d4bb65d48a36587a47edc856cb251655cda185b22dc201994049c244a4f5dcc87d9ebcfb52434cbb10c08c5a896142fead8d167d
SSDEEP

196608:gqfzJJ9L/qgfN78gcg5+iFOKr/lVzvNK1DTtl540tFEAd93siDA:X1z/qE89gsiFOSDDNWhl73dV3

Score

9^/10

linux pyinstaller spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Extreme_Injector_Beta.exe

Resource

win10v2004-20230220-en

spyware stealer upx

windows10-2004-x64

16 signatures

600 seconds

Behavioral task

behavioral2

Sample

Extreme_Injector_Beta.exe

Resource

ubuntu1804-amd64-en-20211208

ubuntu-18.04-amd64

0 signatures

600 seconds

Malware Config

Targets

- Target
  
  Extreme_Injector_Beta.exe
- Size
  
  8.4MB
- MD5
  
  38f42b32f33f5de210ca1e138cf63925
- SHA1
  
  e581bfbb5d325434102dedcf13a734c6529f11a2
- SHA256
  
  640acc16dc4d5aa4163a4c994928347cdba1529129ef59f071f2f58a52e27659
- SHA512
  
  13d1c35aac8e0440310d03b1d4bb65d48a36587a47edc856cb251655cda185b22dc201994049c244a4f5dcc87d9ebcfb52434cbb10c08c5a896142fead8d167d
- SSDEEP
  
  196608:gqfzJJ9L/qgfN78gcg5+iFOKr/lVzvNK1DTtl540tFEAd93siDA:X1z/qE89gsiFOSDDNWhl73dV3
Score

9^/10

spyware stealer upx
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Credentials in Files

Discovery

Process Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

spywarestealerupx

behavioral2

© 2018-2024

Terms | Privacy