eb052448c64afaf6802f6a20f8f01f613c6d292caaa506d89c885255fee277bc | Triage

Sharing

General

Target

701e8508940b27e0b6f25ad054299679
Size

23KB
Sample

240123-vtxvxadhb9
MD5

701e8508940b27e0b6f25ad054299679
SHA1

e0a02e3fb6a107b265dc8555224feb5dbc66df54
SHA256

eb052448c64afaf6802f6a20f8f01f613c6d292caaa506d89c885255fee277bc
SHA512

1704857f4c5f656ddc969040b88d0562fba348ef1af4a1b30991a3e2ec77307e3d640e3d2ea9e46d4719037815d6484d5939a74eb2f86243a8ab545e4a29fabc
SSDEEP

384:zSdr9sOcIp6wRcsSYLvKWLWbstQTid6HJyraXkqdkJ7PNWo7/tiX1HaNJawcudo2:zSFmOhplcsHvKWzX6HJmFqda7kortjng

Score

10^/10

evasion persistence spyware stealer trojan upx

Malware Config

Targets

- Target
  
  701e8508940b27e0b6f25ad054299679
- Size
  
  23KB
- MD5
  
  701e8508940b27e0b6f25ad054299679
- SHA1
  
  e0a02e3fb6a107b265dc8555224feb5dbc66df54
- SHA256
  
  eb052448c64afaf6802f6a20f8f01f613c6d292caaa506d89c885255fee277bc
- SHA512
  
  1704857f4c5f656ddc969040b88d0562fba348ef1af4a1b30991a3e2ec77307e3d640e3d2ea9e46d4719037815d6484d5939a74eb2f86243a8ab545e4a29fabc
- SSDEEP
  
  384:zSdr9sOcIp6wRcsSYLvKWLWbstQTid6HJyraXkqdkJ7PNWo7/tiX1HaNJawcudo2:zSFmOhplcsHvKWzX6HJmFqda7kortjng
Score

10^/10

evasion persistence spyware stealer trojan upx
- UAC bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencespywarestealertrojanupx

behavioral2

evasionpersistencespywarestealertrojanupx