c68167ee797c035adc895add0214da989f883d85643608eb0d82abf76c37b887 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

sorilshiiiiiit.exe

windows7-x64

6

sorilshiiiiiit.exe

windows10-2004-x64

8

Sharing

General

Target

sorilshiiiiiit.exe
Size

12KB
Sample

240525-s7f37she3s
MD5

b5386316f53e6b427ccb215d72614884
SHA1

e837b8abc9fe124b68929135fec3ccdcd7a6d0cc
SHA256

c68167ee797c035adc895add0214da989f883d85643608eb0d82abf76c37b887
SHA512

3d1ab2bbd444c91af0d316a30c9f72b19624f234f53f01a033ba91b6e432b47abecaa9184d8e87ca42920053548e493434fde71f971bbd988a284b985d7dff9b
SSDEEP

192:nlRc9l9EmPwa3qmA1VxzgzesZQKcYt4yvUNL3Q5tfMcQwwo:nla9bRPD3qm2ZO7DrvM3

Score

8^/10

pyinstaller spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

sorilshiiiiiit.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

sorilshiiiiiit.exe

Resource

win10v2004-20240226-en

pyinstaller spyware stealer upx

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  sorilshiiiiiit.exe
- Size
  
  12KB
- MD5
  
  b5386316f53e6b427ccb215d72614884
- SHA1
  
  e837b8abc9fe124b68929135fec3ccdcd7a6d0cc
- SHA256
  
  c68167ee797c035adc895add0214da989f883d85643608eb0d82abf76c37b887
- SHA512
  
  3d1ab2bbd444c91af0d316a30c9f72b19624f234f53f01a033ba91b6e432b47abecaa9184d8e87ca42920053548e493434fde71f971bbd988a284b985d7dff9b
- SSDEEP
  
  192:nlRc9l9EmPwa3qmA1VxzgzesZQKcYt4yvUNL3Q5tfMcQwwo:nla9bRPD3qm2ZO7DrvM3
Score

8^/10

pyinstaller spyware stealer upx
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

pyinstallerspywarestealerupx

© 2018-2024

Terms | Privacy