General

  • Target

    e71a9aa12381123c54d61cd074d0922ccc456289c22eaef81cb361085fa7a442

  • Size

    1.4MB

  • Sample

    240313-n449eacd4x

  • MD5

    901328519e09b85276c037ca042a7477

  • SHA1

    f2b5cf31a7bb656e7316385533533e53890934b7

  • SHA256

    e71a9aa12381123c54d61cd074d0922ccc456289c22eaef81cb361085fa7a442

  • SHA512

    9601e57a03c70b08f19a3ff43411c7c9ccebfd6092c86e677087a9b3092c10118e17b8dbe542173ddb1220f6c47fe9bc00272de11cb5d3ca1bd58ad38a945220

  • SSDEEP

    24576:gS4c4c1mPDsfb5kMRjrky7BBcJ4yM+Q0OFxpfClsogJKrYEaKw+rEH7M:7R4ck+b5kMJB7BBcJE+Q0OFvfClxg0Y6

Malware Config

Targets

    • Target

      e71a9aa12381123c54d61cd074d0922ccc456289c22eaef81cb361085fa7a442

    • Size

      1.4MB

    • MD5

      901328519e09b85276c037ca042a7477

    • SHA1

      f2b5cf31a7bb656e7316385533533e53890934b7

    • SHA256

      e71a9aa12381123c54d61cd074d0922ccc456289c22eaef81cb361085fa7a442

    • SHA512

      9601e57a03c70b08f19a3ff43411c7c9ccebfd6092c86e677087a9b3092c10118e17b8dbe542173ddb1220f6c47fe9bc00272de11cb5d3ca1bd58ad38a945220

    • SSDEEP

      24576:gS4c4c1mPDsfb5kMRjrky7BBcJ4yM+Q0OFxpfClsogJKrYEaKw+rEH7M:7R4ck+b5kMJB7BBcJE+Q0OFvfClxg0Y6

    • Modifies AppInit DLL entries

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Registers COM server for autorun

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks