63c55b0327d9b002e82f6869e71c34c6148e7eea4e9ec0f3bec085a2864e7e03 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

63c55b0327d9b002e82f6869e71c34c6148e7eea4e9ec0f3bec085a2864e7e03
Size

1.8MB
Sample

240305-m6k3wadc4s
MD5

63ed0bf2d77e125419f2ee144a6ec99d
SHA1

8bc2dafcff4d081d3509200e251ab4959c11100d
SHA256

63c55b0327d9b002e82f6869e71c34c6148e7eea4e9ec0f3bec085a2864e7e03
SHA512

45330d070907ac7471775591aee7360e7de679cce9df730e58df042bddc0d8bbbd144cd8c60f3ac0f6039f490d8f65d5f2d05fdc98bd00c395c04f1bcb348a75
SSDEEP

49152:tIiiK2S7rZw0BaLYonbh6WfFBTkfe35u4zRSzQ2bDVMp1LUnVZbG:qiiK2bn8onb9F9kfeseSzJnmoHG

Score

8^/10

discovery spyware stealer upx

Malware Config

Targets

- Target
  
  63c55b0327d9b002e82f6869e71c34c6148e7eea4e9ec0f3bec085a2864e7e03
- Size
  
  1.8MB
- MD5
  
  63ed0bf2d77e125419f2ee144a6ec99d
- SHA1
  
  8bc2dafcff4d081d3509200e251ab4959c11100d
- SHA256
  
  63c55b0327d9b002e82f6869e71c34c6148e7eea4e9ec0f3bec085a2864e7e03
- SHA512
  
  45330d070907ac7471775591aee7360e7de679cce9df730e58df042bddc0d8bbbd144cd8c60f3ac0f6039f490d8f65d5f2d05fdc98bd00c395c04f1bcb348a75
- SSDEEP
  
  49152:tIiiK2S7rZw0BaLYonbh6WfFBTkfe35u4zRSzQ2bDVMp1LUnVZbG:qiiK2bn8onb9F9kfeseSzJnmoHG
Score

8^/10

discovery spyware stealer upx
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/INetC.dll
- Size
  
  21KB
- MD5
  
  2b342079303895c50af8040a91f30f71
- SHA1
  
  b11335e1cb8356d9c337cb89fe81d669a69de17e
- SHA256
  
  2d5d89025911e2e273f90f393624be4819641dbee1606de792362e442e54612f
- SHA512
  
  550452dadc86ecd205f40668894116790a456fe46e9985d68093d36cf32abf00edecb5c56ff0287464a0e819db7b3cc53926037a116de6c651332a7cc8035d47
- SSDEEP
  
  384:KOoVVefeWsI7rsIquPLNN546o0Ac9khYLMkIX0+Gzyekv:4VVaeE7wIqyJN5i
Score

3^/10
behavioral3 behavioral4
- Target
  
  $TEMP/BroomSetup.exe
- Size
  
  1.7MB
- MD5
  
  eee5ddcffbed16222cac0a1b4e2e466e
- SHA1
  
  28b40c88b8ea50b0782e2bcbb4cc0f411035f3d5
- SHA256
  
  2a40e5dccc7526c4982334941c90f95374460e2a816e84e724e98c4d52ae8c54
- SHA512
  
  8f88901f3ebd425818db09f268df19ccf8a755603f04e9481bcf02b112a84393f8a900ead77f8f971bfa33fd9fa5636b7494aaee864a0fb04e3273911a4216dc
- SSDEEP
  
  49152:YUnaQiKJ8N+AadA6mICFhNGffVCPi9NUko6jE:ZwKa+u6mICFSwPKDK
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5 behavioral6
- Target
  
  $TEMP/syncUpd.exe
- Size
  
  223KB
- MD5
  
  4798812066cbae4409c74a92f61d89be
- SHA1
  
  f22ae1face4df9e4ab6445a6e43eedd12c8af868
- SHA256
  
  17102324a533f9666f6d2a9a9269807f9b49591a20ff7fd4045c43b432ac0079
- SHA512
  
  e55b78580a1aa1ab9e262ddb57ae95759d459ab75db99459882a22f05310e2e53131f05e0f110ed0cf2056b18f8671272eabda5cbd21667cd51be5754e4c3e56
- SSDEEP
  
  3072:dlprK266lvWQLu0HAm3RwHRMAbMKjjBSNljGHQJq5JE:z6cuQLu0HuH+i9jjGjnG
Score

8^/10

discovery spyware stealer
- Downloads MZ/PE file
- Loads dropped DLL
- Reads data files stored by FTP clients
  Tries to access configuration files associated with programs like FileZilla.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealerupx

behavioral2

discoveryspywarestealerupx

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

discoveryspywarestealer

behavioral8

discoveryspywarestealer