General

  • Target

    063f675afa71cad1702c4629693904fa

  • Size

    15KB

  • Sample

    231229-2wa79adac2

  • MD5

    063f675afa71cad1702c4629693904fa

  • SHA1

    1b5e9869af970f619a9d0ccdbe914e4b079ff84c

  • SHA256

    34da48ccb02257cffb25281ff8433bae1b94dbfaa95afe0a3a94c419fd4214c7

  • SHA512

    7837406f686461aa96c59f08ee446162444f8f50869cfa9ae4564019533fd70632b558dc143755f12c819e0f02fc6e13137b3cb96036d9e518bed5a30d1a3f40

  • SSDEEP

    192:dYVl8TAAMfhPTnmPIkglNe0LsEkLrLZxWUevQtDpcuajBcxaoVF6B7y:d1qhLYHgfXOrfsQtt9rVF6y

Malware Config

Targets

    • Blocklisted process makes network request

    • Modifies Windows Firewall

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks