eecd80841c3f42e70b77ba2a4f9b61e5c1bcd072871ab54dd9804580ee737ef6 | Triage

Submit
Reports

Overview

overview

Static

static

9e2d5c489a...de.exe

windows7-x64

9

9e2d5c489a...de.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

9e2d5c489aabda0e5b15db11547c2a69e7eaa552693baee8edc80b6e66a2e3de.exe.compressed
Size

160KB
Sample

240129-afl62afbfm
MD5

9d2b5315aac351354cf846bc3076b0da
SHA1

a00965c41423e010f879122c1d82c6ae89296f68
SHA256

eecd80841c3f42e70b77ba2a4f9b61e5c1bcd072871ab54dd9804580ee737ef6
SHA512

43808bf7e65cc7e8b6db4d9adf70947ef1bd9772936973fab0f756a17a91cbacf8461c1d12f6be0ff3c5e2c0e12d12923cc90de4a290f5ec0d308340e4287a05
SSDEEP

3072:KFB3O3IRORghwODMJlz1dxoOXwupfRD3hSHzq3TL4MNTIh/zovUMvz:cBZcIDqvysbpfR9STG0hiz

Score

10^/10

discovery spyware stealer upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

9e2d5c489aabda0e5b15db11547c2a69e7eaa552693baee8edc80b6e66a2e3de.exe

Resource

win7-20231129-en

spyware stealer upx

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

9e2d5c489aabda0e5b15db11547c2a69e7eaa552693baee8edc80b6e66a2e3de.exe

Resource

win10v2004-20231215-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  9e2d5c489aabda0e5b15db11547c2a69e7eaa552693baee8edc80b6e66a2e3de.exe.compressed
- Size
  
  160KB
- MD5
  
  9d2b5315aac351354cf846bc3076b0da
- SHA1
  
  a00965c41423e010f879122c1d82c6ae89296f68
- SHA256
  
  eecd80841c3f42e70b77ba2a4f9b61e5c1bcd072871ab54dd9804580ee737ef6
- SHA512
  
  43808bf7e65cc7e8b6db4d9adf70947ef1bd9772936973fab0f756a17a91cbacf8461c1d12f6be0ff3c5e2c0e12d12923cc90de4a290f5ec0d308340e4287a05
- SSDEEP
  
  3072:KFB3O3IRORghwODMJlz1dxoOXwupfRD3hSHzq3TL4MNTIh/zovUMvz:cBZcIDqvysbpfR9STG0hiz
Score

9^/10

spyware stealer upx discovery
- Detects command variations typically used by ransomware
- UPX dump on OEP (original entry point)
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Network Service Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

spywarestealerupx

behavioral2

© 2018-2025

Terms | Privacy