82612c711e5bc0166ffbc610ea6518161e0a132d3b9d1ad941175d4c3d3d093b | Triage

Submit
Reports

Overview

overview

7

Static

static

7

mvSysInfo.exe

windows7-x64

7

mvSysInfo.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

24d1848d0f2e35cd5e6db5ee4033067edf5e61f3aa7099bd975d0097ea0a8033.zip
Size

1.1MB
Sample

231120-ve4pxahb87
MD5

80fcd73caa1c90aa0d5e12b943e0e770
SHA1

91a659ed2b915fd4975d13fea72a7ec00eca4210
SHA256

82612c711e5bc0166ffbc610ea6518161e0a132d3b9d1ad941175d4c3d3d093b
SHA512

ad80f20ce1807f87d28fe442265fbbe0d1003e874aacd22de0745f8ab1e31345353636e56c805da2c91b9fc2bbd637588e8e12cf4e4c4f8dd38d5b8e7d6a0c26
SSDEEP

24576:OeI9MdV6uQXwPkWKYIdx0YAiEAj3dacLjahibTvCU:Ola6uQAPxzILRzyUb/

Score

7^/10

bootkit collection discovery evasion persistence spyware stealer trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

mvSysInfo.exe

Resource

win7-20231025-en

bootkit collection discovery evasion persistence spyware stealer trojan upx

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral2

Sample

mvSysInfo.exe

Resource

win10v2004-20231020-en

bootkit collection discovery evasion persistence spyware stealer trojan upx

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  mvSysInfo.exe
- Size
  
  1.2MB
- MD5
  
  de4e303c44b6aae1c0a870ac8e1e34b4
- SHA1
  
  9ee0b98aa6b185de6d1907fa9eda07a82b137737
- SHA256
  
  24d1848d0f2e35cd5e6db5ee4033067edf5e61f3aa7099bd975d0097ea0a8033
- SHA512
  
  74f6b50ba0624456059b55434575e8434819c3ed34b3c25841bc1cb761c8285d9a59d76ed5f848220514ff2d79f5b986f18df49ee7491cb82d729c327d32e5b1
- SSDEEP
  
  24576:7/JM2v1pz2j162zxZ5/RITvflPJRlul1Pd4dr8wP:7xFv1pM6iS96m
Score

7^/10

bootkit collection discovery evasion persistence spyware stealer trojan upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitcollectiondiscoveryevasionpersistencespywarestealertrojanupx

behavioral2

bootkitcollectiondiscoveryevasionpersistencespywarestealertrojanupx

© 2018-2025

Terms | Privacy