f14fafc08f5570d6b4a2488ace630cb91b60a34454f324053e9a485b6ec8e948 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

565606130a...c9.exe

windows7-x64

9

565606130a...c9.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

565606130a5a681e104cf4bb9ebbd1c9
Size

2.8MB
Sample

240112-nlx3dafaan
MD5

565606130a5a681e104cf4bb9ebbd1c9
SHA1

ffd2edb91b9ffbd63c2e7a8c6cb4a49d8c64bd93
SHA256

f14fafc08f5570d6b4a2488ace630cb91b60a34454f324053e9a485b6ec8e948
SHA512

994d25978624aeb2d64165f3d5ea56329e94e03b3dbcdca8b6aaedfe52f7eb916f0da62b92644abdf46ff7ccf539f4c9bd8f268b13bbf8354d9ca2e6efb3751c
SSDEEP

49152:gsmhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxr:aqXpy05Q0N1rsYSZ6BoXh1kkypSH3Ohs

Score

9^/10

spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

565606130a5a681e104cf4bb9ebbd1c9.exe

Resource

win7-20231215-en

spyware stealer upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

565606130a5a681e104cf4bb9ebbd1c9.exe

Resource

win10v2004-20231215-en

spyware stealer upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  565606130a5a681e104cf4bb9ebbd1c9
- Size
  
  2.8MB
- MD5
  
  565606130a5a681e104cf4bb9ebbd1c9
- SHA1
  
  ffd2edb91b9ffbd63c2e7a8c6cb4a49d8c64bd93
- SHA256
  
  f14fafc08f5570d6b4a2488ace630cb91b60a34454f324053e9a485b6ec8e948
- SHA512
  
  994d25978624aeb2d64165f3d5ea56329e94e03b3dbcdca8b6aaedfe52f7eb916f0da62b92644abdf46ff7ccf539f4c9bd8f268b13bbf8354d9ca2e6efb3751c
- SSDEEP
  
  49152:gsmhnqAs9pJc0dnKh+Q0N1rs+vIUSg+6+8ohnRh1Na1OKM6nYAKhFQpSH3Oh5gxr:aqXpy05Q0N1rsYSZ6BoXh1kkypSH3Ohs
Score

9^/10

spyware stealer upx
- NirSoft WebBrowserPassView
  Password recovery tool for various web browsers
- Nirsoft
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

spywarestealerupx

behavioral2

spywarestealerupx

© 2018-2025

Terms | Privacy