b0f8a28363609b60ed20888564b25854ebd2af5fd46331fd92f7c56dd670930f | Triage

Submit
Reports

Overview

overview

8

Static

static

3

ñape.exe

windows10-2004-x64

8

Sharing

General

Target

ñape.exe
Size

25.7MB
Sample

240526-ya3tlaab79
MD5

7051a08c6f42b5832e9b7b366d22aed9
SHA1

c4856f9119b010bc52ea994e35b3cb3d49fae4dd
SHA256

b0f8a28363609b60ed20888564b25854ebd2af5fd46331fd92f7c56dd670930f
SHA512

71cc3bb45756ed7a0f79e4b56d32b3fae375b60f5edd3b5120dc456738700c640429d6a16213d4bc20c869dffdc705585484efd924e3aca0c9ac8ee720295fd7
SSDEEP

393216:cFo9DM45Ct55L1V8dkurEUWj+rMDEGPKkIbuK+:l9NMXRndbmMD4k1K+

Score

8^/10

execution pyinstaller spyware stealer upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ñape.exe

Resource

win10v2004-20240508-en

execution spyware stealer upx

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  ñape.exe
- Size
  
  25.7MB
- MD5
  
  7051a08c6f42b5832e9b7b366d22aed9
- SHA1
  
  c4856f9119b010bc52ea994e35b3cb3d49fae4dd
- SHA256
  
  b0f8a28363609b60ed20888564b25854ebd2af5fd46331fd92f7c56dd670930f
- SHA512
  
  71cc3bb45756ed7a0f79e4b56d32b3fae375b60f5edd3b5120dc456738700c640429d6a16213d4bc20c869dffdc705585484efd924e3aca0c9ac8ee720295fd7
- SSDEEP
  
  393216:cFo9DM45Ct55L1V8dkurEUWj+rMDEGPKkIbuK+:l9NMXRndbmMD4k1K+
Score

8^/10

execution spyware stealer upx
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

executionspywarestealerupx

© 2018-2024

Terms | Privacy