Overview

overview

10

Static

static

3

syncUpd.exe

windows7-x64

10

syncUpd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    187s
  • max time network
    234s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/01/2024, 23:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    syncUpd.exe

  • Size

    206KB

  • MD5

    0eb259c9bb69e54c47142edabc61c6c1

  • SHA1

    992e444b163be213ecaa0bb1d12be5d74093a54d

  • SHA256

    7d0eb3e819a8aad18bdcdf7f212c77663a79b3d048636878655dbe3730ff82ea

  • SHA512

    fa271947f9785ad11115e2ea901d37f29e57a48dd0c87b5a498c00aff3cdec69033b44569522d3924444ae04c6c1e5b4a1710c35e24fd46acaf0c22ccf123e07

  • SSDEEP

    3072:s3Lm1avguXOep+fJicd5t+thg1UpV2pFgrooLMMCS165DxZREYyUD:s3LmPgOep+zdJ1Up0pDoLrCT5yw

Score
10/10
stealcdiscoveryspywarestealer

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.79

Attributes
  • url_path

    /3886d2276f6914c4.php

rc4.plain

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Downloads MZ/PE file
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\syncUpd.exe
    "C:\Users\Admin\AppData\Local\Temp\syncUpd.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:4988

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4988-1-0x0000000000680000-0x0000000000780000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4988-2-0x00000000007B0000-0x00000000007CC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/4988-3-0x0000000000400000-0x000000000062E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4988-4-0x0000000000400000-0x000000000062E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4988-6-0x0000000000680000-0x0000000000780000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4988-8-0x00000000007B0000-0x00000000007CC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/4988-11-0x0000000000400000-0x000000000062E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4988-12-0x0000000000400000-0x000000000062E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4988-13-0x0000000000400000-0x000000000062E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4988-15-0x0000000061E00000-0x0000000061EF3000-memory.dmp

    Filesize

    972KB

    Download

  • memory/4988-54-0x0000000000400000-0x000000000062E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4988-58-0x0000000000400000-0x000000000062E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4988-67-0x0000000000400000-0x000000000062E000-memory.dmp

    Filesize

    2.2MB

    Download