52479f22aa6dfc39fe72ff44d3fdc8721952cc50755fee9e6b21abeaa2948384 | Triage

Submit
Reports

Overview

overview

Static

static

3

1d98033c9b...09.exe

windows7-x64

1d98033c9b...09.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

1d98033c9beb899350b1c7760fe68409
Size

255KB
Sample

231230-1pzftshfc5
MD5

1d98033c9beb899350b1c7760fe68409
SHA1

14ffd5f158c63b44aa3ba3a4e6759813c3426398
SHA256

52479f22aa6dfc39fe72ff44d3fdc8721952cc50755fee9e6b21abeaa2948384
SHA512

1da4b6abdf29388ed13530fbf75b2119a0de43bd9d13f04cf420a34a183e0f335bac5977a2d8e4d20d1e32cb450b53cd926186725c894ef7cc8e53a36ea7d29b
SSDEEP

1536:HOfmSmg7NeYRN8Kk0Llzsox1IOZaHCMeLUsVg/d+9QEjyd:SmS/eq8Ktvx17aHfe4iOsuEE

Score

10^/10

evasion persistence spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1d98033c9beb899350b1c7760fe68409.exe

Resource

win7-20231215-en

evasion persistence spyware stealer upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

1d98033c9beb899350b1c7760fe68409.exe

Resource

win10v2004-20231222-en

evasion persistence upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  1d98033c9beb899350b1c7760fe68409
- Size
  
  255KB
- MD5
  
  1d98033c9beb899350b1c7760fe68409
- SHA1
  
  14ffd5f158c63b44aa3ba3a4e6759813c3426398
- SHA256
  
  52479f22aa6dfc39fe72ff44d3fdc8721952cc50755fee9e6b21abeaa2948384
- SHA512
  
  1da4b6abdf29388ed13530fbf75b2119a0de43bd9d13f04cf420a34a183e0f335bac5977a2d8e4d20d1e32cb450b53cd926186725c894ef7cc8e53a36ea7d29b
- SSDEEP
  
  1536:HOfmSmg7NeYRN8Kk0Llzsox1IOZaHCMeLUsVg/d+9QEjyd:SmS/eq8Ktvx17aHfe4iOsuEE
Score

10^/10

evasion persistence spyware stealer upx
- Modifies firewall policy service
  evasion
- Drops file in Drivers directory
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealerupx

behavioral2

evasionpersistenceupx

© 2018-2025

Terms | Privacy