General

  • Target: Saveinstancev3.rar
  • Size: 21.9MB
  • Sample: 240610-snbz5s1bld
  • MD5: 5b9706b8ab24a4dc2b0d0b2ebe6dc24f
  • SHA1: a13f26221e7bc9053dec36eee909c6dbe122d4ef
  • SHA256: 455666528dc5d50f37efa4057b49e81eff514bf8846e88e0e28af9d4df2a6ce5
  • SHA512: 9f2b343a9b3c25b971fe3718e8a58d7033bd387554a874cc2fd0fff12c4072a4247b00b1123664d686973c4144c3d131f994642034299006508599357b66dbd5
  • SSDEEP: 393216:XNuvzraZUQDlKYZIlYE+746glsO5mpcoIKQ5GHSHhLMgkYh6RK/QgTJ5JdIQ:XNuSB5In+7469O5nn5GHSHh16cYg15J/

Malware Config

Targets

    • Target: Decompiler.exe
    • Size: 20.7MB
    • MD5: 5737cbfdf5767ddec2033f4214393e2e
    • SHA1: e7898e27eebd3a092fa4114a9c17956ec1ee0b86
    • SHA256: 54e8c4c1cf1232e728f6dc3144a7688ef3875527fd93ac9ee7673191181bd60f
    • SHA512: 86b327eaed2e3498aea3bd7fdb0a6a06d7d2773ecd50083172b2a5a23271788a1cc72a44bfe7f091886966c7d67975a3b12d24a023b0fdb79a7c71a36e2f93db
    • SSDEEP: 393216:jqPnLFXlrfh2Jp5qC3njkVQ8DOETgsvfG4KgcCzxnvE45fT8Lm:mPLFXNfh50sQhEwL6xMo

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

MITRE ATT&CK Enterprise v15

Tasks