General

  • Target

    vrytex.rar

  • Size

    17.6MB

  • Sample

    230421-amdhgafa4v

  • MD5

    871205dd61f3f071a438c6430772201f

  • SHA1

    97c802594c678016536d6e55efd051751c2cd3a4

  • SHA256

    1bc29496ef6e47a671adf1bbcacb3a9f2733fab953bd8f3353ced0aeac2f84ea

  • SHA512

    45218cc2d5593c84f8cab3828f4de11555816995c5355a14c7cb4911eb9255f53d7239760d8e5b00aef3047df52f92608098348e3604be485d978d666b3e4712

  • SSDEEP

    393216:Jmz03JHtI5FPplML6UEIGUPs1w8CnkoipLsmo4z:gktI5SObIGAs1xCnEI4z

Malware Config

Targets

    • Target

      vrytex/config.json

    • Size

      98B

    • MD5

      aea0215c1e06d7cd377316b28efc3fc8

    • SHA1

      764978811e0d7e12eb4d9f7f458b65ba78b0641e

    • SHA256

      70215a2af3bc102ec666506f1938e43e66bd8d962f9059764fcaeb463c8a2928

    • SHA512

      8779d305b65ea6ebf54a6cd4cd30875b948a48cb3e99e8ac4b3b5a61189d5cee33aaa6934dfbcb5f14cec0f5f2943b2598a8a591a2d30e27ad1303b3a4484ae8

    Score
    3/10

    • Target

      vrytex/vrytex.exe

    • Size

      17.7MB

    • MD5

      113880909353e783bd350661e9036341

    • SHA1

      c290be72c8aea7ac384e42580988f23206a3b771

    • SHA256

      af677a18a9a399514c8fb67af22aadc0ddd32726f691702c288133dfa2e1bc96

    • SHA512

      1c03671ac77e377a4f128fc18ec840e76000cf0b25d986e7ff88f0afe219681830849d478ae3438940af5ca643eda21db3c8c75e08b3348a7ef4e36b4ccaabdc

    • SSDEEP

      393216:ZxAlnfLFKAQIX4/m3pFFqyoBgsSptghUQ1Cg7:0ljFKAX4Ky1mtgL1V7

    Score
    7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks