01295c7946e632fcd1dfad7236dc69c3e1451b806b3296ac35b56c30596b78ab | Triage

Submit
Reports

Overview

overview

Static

static

01295c7946...ab.exe

windows7-x64

9

01295c7946...ab.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

01295c7946e632fcd1dfad7236dc69c3e1451b806b3296ac35b56c30596b78ab
Size

160KB
Sample

240201-hcnjpafcgn
MD5

e3d57135d9f1f2be808d795670966949
SHA1

bbac6ea24e4acc873439955c67bbef846101f17b
SHA256

01295c7946e632fcd1dfad7236dc69c3e1451b806b3296ac35b56c30596b78ab
SHA512

9b503f265347e80c86f50167234083ba23e346e8a415a468492942609186a31b87dd119ecee2f8227c93408917c780501511e3151ead27071daa2fb1c01e0471
SSDEEP

3072:EFB3O3IRORghwODMJlz1dxoOXwupfH6FivjGdlEeeE6B17Fh8Esp9J5LOUN1X:CBZcIDqvysbpfEMjGdNSFnspN1X

Score

10^/10

discovery spyware stealer upx

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

01295c7946e632fcd1dfad7236dc69c3e1451b806b3296ac35b56c30596b78ab.exe

Resource

win7-20231215-en

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

01295c7946e632fcd1dfad7236dc69c3e1451b806b3296ac35b56c30596b78ab.exe

Resource

win10v2004-20231222-en

discovery spyware stealer upx

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  01295c7946e632fcd1dfad7236dc69c3e1451b806b3296ac35b56c30596b78ab
- Size
  
  160KB
- MD5
  
  e3d57135d9f1f2be808d795670966949
- SHA1
  
  bbac6ea24e4acc873439955c67bbef846101f17b
- SHA256
  
  01295c7946e632fcd1dfad7236dc69c3e1451b806b3296ac35b56c30596b78ab
- SHA512
  
  9b503f265347e80c86f50167234083ba23e346e8a415a468492942609186a31b87dd119ecee2f8227c93408917c780501511e3151ead27071daa2fb1c01e0471
- SSDEEP
  
  3072:EFB3O3IRORghwODMJlz1dxoOXwupfH6FivjGdlEeeE6B17Fh8Esp9J5LOUN1X:CBZcIDqvysbpfEMjGdNSFnspN1X
Score

9^/10

upx discovery spyware stealer
- Detects command variations typically used by ransomware
- UPX dump on OEP (original entry point)
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Network Service Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryspywarestealerupx

© 2018-2025

Terms | Privacy