General

  • Target: NeverloseCrackedBykL.exe
  • Size: 8.2MB
  • Sample: 240428-p5yzfsgf9t
  • MD5: 534b6fa0aa29c69569dc8fff7b2320b4
  • SHA1: 0f3d05bad5eb3241f6cdcda5a3eba627566b5587
  • SHA256: 79d5e59e9d29ed290108dd209b3f94cd52ffcdebf7b9d22e6ced41d97c36c52b
  • SHA512: d1291abfdebf7329c1cd98bb5edd4610e2ff8fb844bc19f64b0842dc3584ec77e0a4930063e480c68213f349848a766f82ffd658a481de58b12aaeeaf25ca2ef
  • SSDEEP: 196608:UrOrYOp6XOshoKMuIkhVastRL5Di3u4CTQ1D7Jz:bYOpOOshouIkPftRL54BRJz

Malware Config

Targets

  Target 1

    • Target: NeverloseCrackedBykL.exe
    • Size: 8.2MB
    • MD5: 534b6fa0aa29c69569dc8fff7b2320b4
    • SHA1: 0f3d05bad5eb3241f6cdcda5a3eba627566b5587
    • SHA256: 79d5e59e9d29ed290108dd209b3f94cd52ffcdebf7b9d22e6ced41d97c36c52b
    • SHA512: d1291abfdebf7329c1cd98bb5edd4610e2ff8fb844bc19f64b0842dc3584ec77e0a4930063e480c68213f349848a766f82ffd658a481de58b12aaeeaf25ca2ef
    • SSDEEP: 196608:UrOrYOp6XOshoKMuIkhVastRL5Di3u4CTQ1D7Jz:bYOpOOshouIkPftRL54BRJz

    Score: 8/10

    Signatures:

    • Downloads MZ/PE file
    • Drops file in Drivers directory
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Accesses cryptocurrency files/wallets, possible credential harvesting
    • Legitimate hosting services abused for malware hosting/C2
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.

  Target 2

    • Target: �7�F��.pyc
    • Size: 1KB
    • MD5: b73d5a8ab64d052eccb12f27be64b398
    • SHA1: 0f1ce2c0e1beb3221c3436fb6185c7888f087b10
    • SHA256: aae6f9d4a7a57265ecf6d659b24c179c803bca15318a273b892f998f48bae080
    • SHA512: 93fbd51ec919ee66970ba6eef1031aa510c60b8a86d873a43438ff71ad3b714aa941550834c2b6d7e178996436b9d10631895fa0a1d1dfb186b41892e6fcf7f6

    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic / Technique (count) / ID

Defense Evasion
  • Hide Artifacts (1): T1564
    • Hidden Files and Directories (1): T1564.001

Credential Access
  • Unsecured Credentials (2): T1552
    • Credentials In Files (2): T1552.001

Discovery
  • System Information Discovery (4): T1082
  • Process Discovery (1): T1057
  • Query Registry (1): T1012
  • Remote System Discovery (1): T1018

Collection
  • Data from Local System (2): T1005

Command and Control
  • Web Service (1): T1102