d8e72722b281af01a37a3135ae20def4007247e931e42fd3a5762e8adc63b16f | Triage

Submit
Reports

Overview

overview

7

Static

static

3

Snipers Ha...en.exe

windows7-x64

7

Snipers Ha...en.exe

windows10-2004-x64

7

Sharing

General

Target

Snipers Haven beta.zip
Size

19.8MB
Sample

240424-t81dxadd36
MD5

7849a064176cae6dc10464a778aeafb2
SHA1

13e0d72c6edf18a59a270d3d228e07a1066beef3
SHA256

d8e72722b281af01a37a3135ae20def4007247e931e42fd3a5762e8adc63b16f
SHA512

0e4258220bc87e9be0cfaec0a8f53d28f4215374f3126e6fefca7516601167acfe232cccd88bd724c74715b6776f70713f6603379498d5ed6bb8417b950778f5
SSDEEP

393216:llTNYUoSj9c7gtA1pZ8fdgVSRY5ZwMw+zEUYBjyZXFoe:nTyU5jAgtngVSu5ZwMwm1ZV/

Score

7^/10

pyinstaller spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Snipers Haven/Snipers-Haven.exe

Resource

win7-20240221-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

Snipers Haven/Snipers-Haven.exe

Resource

win10v2004-20240412-en

spyware stealer upx

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  Snipers Haven/Snipers-Haven.exe
- Size
  
  30.0MB
- MD5
  
  b9caa1e6fbb8c1f59e8be87f03307fe5
- SHA1
  
  431d5f9fd5e7e3c8525ba81acd0b084ca3777396
- SHA256
  
  97a57bcbefee653ef61d26f6497f808ec49f9366199d2c88a33e72fa760c0e13
- SHA512
  
  9f5b43f495ed3042de159959381abff95fb3552072e1d87981002f2e102081544c92440cd537469a9385d9d1a6ae12eae1082e7559fe558e6fc45b3108400b6d
- SSDEEP
  
  393216:3v9zcQqGjrc6h2Jp5MPL+9qzT6LIcCJ+766oHdETv1:/9gQBj46hZ+9qH6LIcC2yGT
Score

7^/10

upx spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

spywarestealerupx

© 2018-2024

Terms | Privacy