217c2d2da19684d59ca61bb6ce6032caffb899e006890ec946fba0f275dc73ce | Triage

Submit
Reports

Overview

overview

7

Static

static

3

993d70d947...05.exe

windows7-x64

7

993d70d947...05.exe

windows10-2004-x64

7

Sharing

General

Target

993d70d947853967556274adc8f20e05
Size

1.6MB
Sample

240213-m1rcpshc96
MD5

993d70d947853967556274adc8f20e05
SHA1

71ebe248007ff4ff38e71032685f37ee21342678
SHA256

217c2d2da19684d59ca61bb6ce6032caffb899e006890ec946fba0f275dc73ce
SHA512

28bdb57e6c6be63e03a784719f252d22c7fa0a32f2404fde01f9756f8893fb1f8795377150a31a4404feff613af26c596af671ed7c1c710669b1b144c6b3aecd
SSDEEP

49152:IfrxeAbi3bgkjfB6mII4hEfffJLa79qK2XfZ7HSbNuA9okDWsPqd6mxBcdiW5D5+:Ile/UyUKzHz0D2

Score

7^/10

discovery persistence spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

993d70d947853967556274adc8f20e05.exe

Resource

win7-20231215-en

discovery persistence spyware stealer upx

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

993d70d947853967556274adc8f20e05.exe

Resource

win10v2004-20231222-en

discovery persistence spyware stealer upx

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  993d70d947853967556274adc8f20e05
- Size
  
  1.6MB
- MD5
  
  993d70d947853967556274adc8f20e05
- SHA1
  
  71ebe248007ff4ff38e71032685f37ee21342678
- SHA256
  
  217c2d2da19684d59ca61bb6ce6032caffb899e006890ec946fba0f275dc73ce
- SHA512
  
  28bdb57e6c6be63e03a784719f252d22c7fa0a32f2404fde01f9756f8893fb1f8795377150a31a4404feff613af26c596af671ed7c1c710669b1b144c6b3aecd
- SSDEEP
  
  49152:IfrxeAbi3bgkjfB6mII4hEfffJLa79qK2XfZ7HSbNuA9okDWsPqd6mxBcdiW5D5+:Ile/UyUKzHz0D2
Score

7^/10

discovery persistence spyware stealer upx
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

discoverypersistencespywarestealerupx

© 2018-2025

Terms | Privacy