2718f768e2809cda78cb7e0d70fc32b875aab6637e9a2d9cbb5a3193f9f250ca | Triage

Submit
Reports

Overview

overview

8

Static

static

3

sipy.exe

windows11-21h2-x64

8

Sharing

General

Target

sipy.exe
Size

15.5MB
Sample

240519-xkt4rscf42
MD5

7f864172c9c2ba147afb4bfaa23a12eb
SHA1

aba19ef4ec3f8133cc11f26bb187f3dc75a9c93e
SHA256

2718f768e2809cda78cb7e0d70fc32b875aab6637e9a2d9cbb5a3193f9f250ca
SHA512

34d1d767b004983c77804257f6735a644b9cb8bfe14044591bf7a517f2ea468d3f06880fd3a8a0d37c180cd5c5010f42bdf508e6875b08c32159699916c79517
SSDEEP

393216:8o9Ddnnx8ZlaetEL+9qz8/Ck+7q3D1JF1bWXiWCUI:p9Znx6s+9q4N3D1NtVUI

Score

8^/10

execution pyinstaller spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

sipy.exe

Resource

win11-20240508-en

execution spyware stealer upx

windows11-21h2-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  sipy.exe
- Size
  
  15.5MB
- MD5
  
  7f864172c9c2ba147afb4bfaa23a12eb
- SHA1
  
  aba19ef4ec3f8133cc11f26bb187f3dc75a9c93e
- SHA256
  
  2718f768e2809cda78cb7e0d70fc32b875aab6637e9a2d9cbb5a3193f9f250ca
- SHA512
  
  34d1d767b004983c77804257f6735a644b9cb8bfe14044591bf7a517f2ea468d3f06880fd3a8a0d37c180cd5c5010f42bdf508e6875b08c32159699916c79517
- SSDEEP
  
  393216:8o9Ddnnx8ZlaetEL+9qz8/Ck+7q3D1JF1bWXiWCUI:p9Znx6s+9q4N3D1NtVUI
Score

8^/10

execution spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

executionspywarestealerupx

© 2018-2025

Terms | Privacy