Overview

overview

10

Static

static

3

syncUpd.exe

windows7-x64

10

syncUpd.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    146s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    07-01-2024 19:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    syncUpd.exe

  • Size

    314KB

  • MD5

    7d03e5cd75616615792ff5da7f630d43

  • SHA1

    20dbe01340369c1e10fabf28c898c6f9fff1ae34

  • SHA256

    b0810d72555442341dd38d894b2551d1823613bcb747e19ce511da4d5fde3903

  • SHA512

    d942769fc2ed3e4a1f6b170a538e8695471857c3c2148ed6c16ed9b148ce962119320e61744e82993c7f73e690828a0022b251ec5ac8d86253f1aeb2d0e43a01

  • SSDEEP

    6144:TARL0o0AGim9r1FTMOI8qdDPhfTgYn79oUq:TARX0AGisfQOIfDln7a

Score
10/10
stealcdiscoveryspywarestealer

Malware Config

Extracted

Family

stealc

C2

http://185.172.128.79

Attributes
  • url_path

    /3886d2276f6914c4.php

rc4.plain

Signatures

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Downloads MZ/PE file
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\syncUpd.exe
    "C:\Users\Admin\AppData\Local\Temp\syncUpd.exe"
    1⤵
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:2496

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2496-2-0x0000000000220000-0x000000000023C000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2496-1-0x00000000007D0000-0x00000000008D0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2496-3-0x0000000000400000-0x000000000062E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2496-4-0x0000000000400000-0x000000000062E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2496-5-0x0000000061E00000-0x0000000061EF3000-memory.dmp

    Filesize

    972KB

    Download

  • memory/2496-34-0x0000000000400000-0x000000000062E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2496-35-0x00000000007D0000-0x00000000008D0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2496-41-0x0000000000400000-0x000000000062E000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2496-49-0x0000000000400000-0x000000000062E000-memory.dmp

    Filesize

    2.2MB

    Download