Overview

overview

10

Static

static

3

b439476718...a7.exe

windows7-x64

10

b439476718...a7.exe

windows10-2004-x64

3

Sharing

Copy URL Twitter E-mail

General

  • Target

    b439476718bba80ea91c0dfc808b8da7

  • Size

    172KB

  • Sample

    240305-j3dmvaac7z

  • MD5

    b439476718bba80ea91c0dfc808b8da7

  • SHA1

    22b0d848ae59625f2a680aed1c92713a351540d8

  • SHA256

    9f3f80a3730a644cdbdceba0cc0ba5910d57d2ddc4d1314a09275c9775e71212

  • SHA512

    aafaa3585556d06e2028b1d96f16423ac9a5eb1a5dbe5f26b24cd437eddb64759a6ab783e78f0375906e649411af999ea7d9c0c54bc854b127fb96d190a27237

  • SSDEEP

    3072:DRysv8zjKxVCOLkg/l/LjNHtNktgXAjmsl/7HG5XIYitvC:83jK7COLkK/LRtNkqXOl/q5j8

Score
10/10
evasionpersistencespywarestealerupx

Malware Config

Targets

    • Target

      b439476718bba80ea91c0dfc808b8da7

    • Size

      172KB

    • MD5

      b439476718bba80ea91c0dfc808b8da7

    • SHA1

      22b0d848ae59625f2a680aed1c92713a351540d8

    • SHA256

      9f3f80a3730a644cdbdceba0cc0ba5910d57d2ddc4d1314a09275c9775e71212

    • SHA512

      aafaa3585556d06e2028b1d96f16423ac9a5eb1a5dbe5f26b24cd437eddb64759a6ab783e78f0375906e649411af999ea7d9c0c54bc854b127fb96d190a27237

    • SSDEEP

      3072:DRysv8zjKxVCOLkg/l/LjNHtNktgXAjmsl/7HG5XIYitvC:83jK7COLkK/LRtNkqXOl/q5j8

    Score
    10/10
    evasionpersistencespywarestealerupx

    • Modifies security service

      evasion

    • Disables taskbar notifications via registry modification

      evasion

    • Modifies Installed Components in the registry

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks