e5b0895524a4f081d1df8dfd7fd639e8bc90c45ad7372e558b176d7e1f528808 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

Impunctual.exe

windows7-x64

8

Impunctual.exe

windows10-2004-x64

7

Sharing

General

Target

e5b0895524a4f081d1df8dfd7fd639e8bc90c45ad7372e558b176d7e1f528808
Size

414KB
Sample

230919-n95r5agh21
MD5

7e5a22c9469ef9d455256211667017c2
SHA1

17f42bcf087df6ac3e0a13156897757783ec0f58
SHA256

e5b0895524a4f081d1df8dfd7fd639e8bc90c45ad7372e558b176d7e1f528808
SHA512

645bf4e961552df201f09839cedd2eed0a12eaac856757701f86dbbc88125bdd3e2c8d1fcb16aab5ef1fba273b2b21ca2440c82a7cd492a292e1afcd32179cc0
SSDEEP

6144:9ew1+qyJSA1Q8kZt/z6unSe+rBqYS3NfwseUAM5vDIYAe22tBvY4fEYdggWVMH8S:4w1FyYYkjOiJ3YS3NXbAM5vkDpm8U9

Score

8^/10

spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Impunctual.exe

Resource

win7-20230831-en

spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

Impunctual.exe

Resource

win10v2004-20230915-en

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  Impunctual.exe
- Size
  
  493KB
- MD5
  
  2f0cf25525b6a76143fa33593fd25817
- SHA1
  
  3b8f11af87a78fb2934cf86eaca91f3716cdf25f
- SHA256
  
  ac3caadfd56d2d2a3df17506a017f80163a3f4f20cee0966854b1d36440e3474
- SHA512
  
  a07d67b4f0cc76dc5e68d21e1c9c9e027f1d2d2084dae43a02a655b269baf5f5d0d7ceaf5115012fa33e687ede494050e11181817a90d75e6f49aec7c50b516f
- SSDEEP
  
  12288:Kwc+QuYKa2iRnvwKcqc71eaI8YCAv+AVRUj0DgUDssb:KWaw137HImGR4y1
Score

8^/10

spyware stealer
- Blocklisted process makes network request
- Checks QEMU agent file
  Checks presence of QEMU agent, possibly to detect virtualization.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy