32ce04cf77d1483bac9a5964203fbdb9989e9d9ec1f1bc763762192603ea29f7 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

ac825c0fce...a8.exe

windows7-x64

7

ac825c0fce...a8.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

Target

ac825c0fcee766c26a13d9bd41c682a8
Size

741KB
Sample

240228-wm8t9sad2t
MD5

ac825c0fcee766c26a13d9bd41c682a8
SHA1

3d2b6f6bbc58d1f66d58481539a1b4320a8160ff
SHA256

32ce04cf77d1483bac9a5964203fbdb9989e9d9ec1f1bc763762192603ea29f7
SHA512

6c0adf2b6abccb62f34dd4b86075c6687dcc04e225c5cd002a701bd4b27fa12b91772e7aeb0e542b91dae49e0b6ce4a0dd740755d556c4db29a5d36910485493
SSDEEP

12288:aK1eJe0mClbWMyMIRf8AZhWxrQ/z/2NDtvBpdGhnqIs8N/o:ZkpByMIV84hB/z/2dj6hLN/

Score

7^/10

discovery persistence spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ac825c0fcee766c26a13d9bd41c682a8.exe

Resource

win7-20240221-en

discovery persistence spyware stealer upx

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

ac825c0fcee766c26a13d9bd41c682a8.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  ac825c0fcee766c26a13d9bd41c682a8
- Size
  
  741KB
- MD5
  
  ac825c0fcee766c26a13d9bd41c682a8
- SHA1
  
  3d2b6f6bbc58d1f66d58481539a1b4320a8160ff
- SHA256
  
  32ce04cf77d1483bac9a5964203fbdb9989e9d9ec1f1bc763762192603ea29f7
- SHA512
  
  6c0adf2b6abccb62f34dd4b86075c6687dcc04e225c5cd002a701bd4b27fa12b91772e7aeb0e542b91dae49e0b6ce4a0dd740755d556c4db29a5d36910485493
- SSDEEP
  
  12288:aK1eJe0mClbWMyMIRf8AZhWxrQ/z/2NDtvBpdGhnqIs8N/o:ZkpByMIV84hB/z/2dj6hLN/
Score

7^/10

discovery persistence spyware stealer upx
- Reads WinSCP keys stored on the system
  Tries to access WinSCP stored sessions.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials in Registry

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistencespywarestealerupx

behavioral2

© 2018-2025

Terms | Privacy