Extracted

• • Target

    79e4dff23f4655df08a43192b1806682

  • Size

    743KB

  • MD5

    79e4dff23f4655df08a43192b1806682

  • SHA1

    70a7090ee5175dcca7d4b57ee00c2856543c14d3

  • SHA256

    c64176e0fdefcb2b1fdb9a8a6fb541f103a7f9acba8a83812304802889ca1a84

  • SHA512

    92ce4e2d5f2c36c8d7e6c35950ca3caeb7823aec0b5d21c360084f87fa6b2ff7407bc4c70638dd66569af8c9e11b250d6b6bab6a50911555008d66bd70b3ba8a

  • SSDEEP

    12288:FUr/hVLFKNCmWDoF3tCLTmXKNAY7S5mFkQOUCJLA8:FUj7FKNkDoF3tQyXKN+lQPCRz

  Score

  10^/10

  persistencespywarestealerupx

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence
  behavioral1behavioral2