87996cc12b3919fb370a67e45b037e0b75f1de66df8afcca060f0ac8e3464910 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

SpyHunter-...er.exe

windows10-2004-x64

8

Resubmissions

27-08-2023 06:21

230827-g4ev7ahg6z 10

27-08-2023 05:29

230827-f6wfaahf7w 8

Sharing

General

Target

SpyHunter-5.15-6-5285-Installer.exe
Size

6.8MB
Sample

230827-f6wfaahf7w
MD5

07386184c9f3ab2b533c73c854398805
SHA1

ed43d9745c5f8f91cf90003647ca983d7e0b037e
SHA256

87996cc12b3919fb370a67e45b037e0b75f1de66df8afcca060f0ac8e3464910
SHA512

c4c6caf978e93161c71e1b5391d210210fe35e640ea4bacc1dd3ecc812c71ad0b06fd2d45a2155a35f84803d17114e909b95df18407a9959167d07c7667afad6
SSDEEP

98304:S5lVuh2IHJm4PO1FFGlapRGR+Tj9GsYz40ng7ifP8roXtRCvrUEr7MkHkcZCDbhd:SPI1kt5TAWifPXtwUEX8D9H9

Score

8^/10

persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

SpyHunter-5.15-6-5285-Installer.exe

Resource

win10v2004-20230703-en

persistence spyware stealer

windows10-2004-x64

25 signatures

600 seconds

Malware Config

Targets

- Target
  
  SpyHunter-5.15-6-5285-Installer.exe
- Size
  
  6.8MB
- MD5
  
  07386184c9f3ab2b533c73c854398805
- SHA1
  
  ed43d9745c5f8f91cf90003647ca983d7e0b037e
- SHA256
  
  87996cc12b3919fb370a67e45b037e0b75f1de66df8afcca060f0ac8e3464910
- SHA512
  
  c4c6caf978e93161c71e1b5391d210210fe35e640ea4bacc1dd3ecc812c71ad0b06fd2d45a2155a35f84803d17114e909b95df18407a9959167d07c7667afad6
- SSDEEP
  
  98304:S5lVuh2IHJm4PO1FFGlapRGR+Tj9GsYz40ng7ifP8roXtRCvrUEr7MkHkcZCDbhd:SPI1kt5TAWifPXtwUEX8D9H9
Score

8^/10

persistence spyware stealer
- Creates new service(s)
  persistence
- Drops file in Drivers directory
- Patched UPX-packed file
  Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Create or Modify System Process

Windows Service

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

persistencespywarestealer

© 2018-2024

Terms | Privacy