25c7e6c3df013fa9682a8957a5f166e0975ddb6a4e6454dbf7c2dfd221d1f21f | Triage

Submit
Reports

Overview

overview

7

Static

static

3

idk.exe

windows10-1703-x64

7

idk.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

idk.exe
Size

50.7MB
Sample

230401-kqkq3aha42
MD5

2955a17ee08f12b2c70daf75f8e6b4bc
SHA1

40acfd0c708bace8d66c0c9538200bf279ec873d
SHA256

25c7e6c3df013fa9682a8957a5f166e0975ddb6a4e6454dbf7c2dfd221d1f21f
SHA512

985d4ffc669d4345302ea27a956d0ac3a3eedb109e3a8d65a0cb495af8625930323ab32f104b8ff8f825e64cd65e80d2b65f69cb46cb8d32efe6ea3c6008e311
SSDEEP

1572864:s+giGtj54v61BwVBNwqi2cO8C6Q2kRT3c:Yk6MjOtVb3S3c

Score

7^/10

pyinstaller spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

idk.exe

Resource

win10-20230220-en

spyware stealer upx

windows10-1703-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

idk.exe

Resource

win10v2004-20230220-en

spyware stealer upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  idk.exe
- Size
  
  50.7MB
- MD5
  
  2955a17ee08f12b2c70daf75f8e6b4bc
- SHA1
  
  40acfd0c708bace8d66c0c9538200bf279ec873d
- SHA256
  
  25c7e6c3df013fa9682a8957a5f166e0975ddb6a4e6454dbf7c2dfd221d1f21f
- SHA512
  
  985d4ffc669d4345302ea27a956d0ac3a3eedb109e3a8d65a0cb495af8625930323ab32f104b8ff8f825e64cd65e80d2b65f69cb46cb8d32efe6ea3c6008e311
- SSDEEP
  
  1572864:s+giGtj54v61BwVBNwqi2cO8C6Q2kRT3c:Yk6MjOtVb3S3c
Score

7^/10

spyware stealer upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

spywarestealerupx

behavioral2

spywarestealerupx

© 2018-2025

Terms | Privacy