General

  • Target

    tempspoofer.exe

  • Size

    26.9MB

  • Sample

    240327-b91f7ahg24

  • MD5

    70c73512dd215f21e1f3600d9ad3c8b0

  • SHA1

    bbf04aa7c5412f56a93788af65ffc5a3a94f9e8c

  • SHA256

    5a09d457b74130d916e36abe8d960f44dc9abf05e0bd82929f2315161beaed7a

  • SHA512

    47c78c834ca20b370eb8466fa98a97eff0ca5b7431e21a612c5e099bd5132e91121ca052d2cd1ad4cd62b550b948b34b04637ef14737ff60570d0df69840ecaf

  • SSDEEP

    786432:z97QNrhS1zcY87dCpL+7/pWDQuXo6ajvsz:Z7QNtiE7VNgXRabsz

Targets

    • Target

      tempspoofer.exe

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and autofill data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
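To make practical use of the hashes in the General section and of the "UPX packed file" signature above, here is an added Python example (not part of this report and not the sandbox's own detection code): it recomputes the four hash types the report lists for a file and compares them to the report's values, and it walks a PE's section table to look for the section names UPX leaves behind. The hash values are copied from the report; the sample bytes and the minimal PE image builder (`build_demo_pe`) are constructed for the demonstration and are not the real sample.

```python
"""Added example: check a file against the hashes listed in the report and
test its PE section table for UPX section names.  Only the hash values come
from the report; the demo inputs are constructed here."""
import hashlib
import struct

# Hash values as listed in the report for tempspoofer.exe.
REPORT_HASHES = {
    "md5": "70c73512dd215f21e1f3600d9ad3c8b0",
    "sha1": "bbf04aa7c5412f56a93788af65ffc5a3a94f9e8c",
    "sha256": "5a09d457b74130d916e36abe8d960f44dc9abf05e0bd82929f2315161beaed7a",
    "sha512": "47c78c834ca20b370eb8466fa98a97eff0ca5b7431e21a612c5e099bd5132e911"
              "21ca052d2cd1ad4cd62b550b948b34b04637ef14737ff60570d0df69840ecaf",
}

# Section names the stock UPX stub uses; a modified UPX build may rename them.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", "UPX!"}


def hash_file_bytes(data: bytes) -> dict:
    """Compute the four hash types the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def hashes_match(data: bytes, expected: dict) -> dict:
    """Compare each listed hash.  Any False means these bytes are not the
    sample the report describes (or the report covers a different build)."""
    actual = hash_file_bytes(data)
    return {name: actual[name] == value.lower() for name, value in expected.items()}


def pe_section_names(data: bytes) -> list:
    """Walk the DOS header, PE signature and COFF header, then read the
    8-byte name of every section header.  Raises ValueError when malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER (20 bytes)
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    size_opt, = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + size_opt              # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + i * 40                  # each section header is 40 bytes
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True when any section carries a stock UPX name.  A False result is
    weak evidence: modified UPX builds commonly rename the sections."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_demo_pe(section_names) -> bytes:
    """Constructed for the demo (hypothetical helper): a minimal, non-runnable
    PE image with just enough header to be parsed by pe_section_names()."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0 for the demo), Characteristics.
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    # Constructed input: this is not the sample, so every hash must mismatch.
    print("demo bytes match report:", hashes_match(b"constructed demo", REPORT_HASHES))
    packed = build_demo_pe(["UPX0", "UPX1", ".rsrc"])
    print("demo PE sections:", pe_section_names(packed), "UPX:", looks_upx_packed(packed))
```

Run it on the actual file with `hashes_match(open(path, "rb").read(), REPORT_HASHES)`; all four comparisons must be True before the findings in this report are applied to that file. Treat a False from `looks_upx_packed` as inconclusive, since the signature above also covers modified UPX, which typically renames its sections; unpacking or entropy analysis is the next step in that case.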
