cb31806a9dfbf19858779bb3a1b98efbcd2135eea4def247d99ce31c4d5bef8e | Triage

Submit
Reports

Overview

overview

8

Static

static

3

GameStealerV1.exe

windows10-2004-x64

8

Sharing

General

Target

GameStealerV1.exe
Size

19.7MB
Sample

240525-x9afnafe6z
MD5

81147138442b4d147c7cbed2c8043cf8
SHA1

6f42fd9daffee8b9816d2df0287010f310a62975
SHA256

cb31806a9dfbf19858779bb3a1b98efbcd2135eea4def247d99ce31c4d5bef8e
SHA512

f2772bef74ea468cdfd3dc4e4a210cb2e15fc3b7363066dacef13fa7565e46d48486b2a55b27fcd7b3b578644edb7f6daeb7ab79903b033c1cda08ba13d99bf5
SSDEEP

393216:Bh9Sl6eQnrh2Jp5M7V+C/pW/cRhuX2ByeZWiv8RR52HTy:L9kQrh1V+C/pWWuXulMoz

Score

8^/10

execution pyinstaller spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

GameStealerV1.exe

Resource

win10v2004-20240508-en

execution spyware stealer upx

windows10-2004-x64

12 signatures

300 seconds

Malware Config

Targets

- Target
  
  GameStealerV1.exe
- Size
  
  19.7MB
- MD5
  
  81147138442b4d147c7cbed2c8043cf8
- SHA1
  
  6f42fd9daffee8b9816d2df0287010f310a62975
- SHA256
  
  cb31806a9dfbf19858779bb3a1b98efbcd2135eea4def247d99ce31c4d5bef8e
- SHA512
  
  f2772bef74ea468cdfd3dc4e4a210cb2e15fc3b7363066dacef13fa7565e46d48486b2a55b27fcd7b3b578644edb7f6daeb7ab79903b033c1cda08ba13d99bf5
- SSDEEP
  
  393216:Bh9Sl6eQnrh2Jp5M7V+C/pW/cRhuX2ByeZWiv8RR52HTy:L9kQrh1V+C/pWWuXulMoz
Score

8^/10

execution spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

executionspywarestealerupx

© 2018-2024

Terms | Privacy