General

  • Target: 54a784d19e501af0244c8ce692563cc0234952f8c59345968b0adc2713ef35eb
  • Size: 1.7MB
  • Sample: 240524-1rs2tsce2s
  • MD5: 5133f122f65287d8a79e9a1cd3fad3cb
  • SHA1: a0ad13d1f74d20d24130dea2400781fa5d427168
  • SHA256: 54a784d19e501af0244c8ce692563cc0234952f8c59345968b0adc2713ef35eb
  • SHA512: f75f0627bacd6d06a30b0d1b79103238c7f46fbc3bf9f2126516a0d27095c69ca5527fcbc637e7ab8ca05959ba6318fd37103f045784bfedc171c724a5f5e523
  • SSDEEP: 24576:F+SFQyRru2P6TW+/OMiFhTCRQwG6F5/xsSSBl76xPbdHURIcNTKarBI:BZubTWLb33s/xkl76FZUKaKarB

Malware Config

Targets

    • Target: 54a784d19e501af0244c8ce692563cc0234952f8c59345968b0adc2713ef35eb (size and hashes as listed under General above)

    • UPX dump on OEP (original entry point)
    • Sets service image path in registry
    • ACProtect 1.3x - 1.4x DLL software: detects a file using ACProtect software.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers: infostealers often target stored browser data, which can include saved credentials etc.
    • UPX packed file: detects executables packed with UPX or a modified UPX open-source packer.
    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                               ID          Count
  Persistence           Boot or Logon Autostart Execution       T1547       1
  Persistence           Registry Run Keys / Startup Folder      T1547.001   1
  Privilege Escalation  Boot or Logon Autostart Execution       T1547       1
  Privilege Escalation  Registry Run Keys / Startup Folder      T1547.001   1
  Defense Evasion       Modify Registry                         T1112       2
  Credential Access     Unsecured Credentials                   T1552       1
  Credential Access     Credentials In Files                    T1552.001   1
  Discovery             System Information Discovery            T1082       1
  Collection            Data from Local System                  T1005       1

Tasks