640f6fa7a32a694b0912bd9042ac043f7e1252cb28db7385a3c2060d327d32b7 | Triage

Sharing

General

Target

a5d4495d1a2600f38d01586220f2417b.bin
Size

18.8MB
Sample

240614-c4fehascqg
MD5

a5d4495d1a2600f38d01586220f2417b
SHA1

46d73a663ece832deaedbd23fa8348080917a868
SHA256

640f6fa7a32a694b0912bd9042ac043f7e1252cb28db7385a3c2060d327d32b7
SHA512

182a0a90104a29e5b2e4bdbcecac7e38abb572cdc68f0efafdf6f33bf92bb904755b9464d24ed6998a3d30894eb7775bdea57f95b462d7cf8208fb95298b001b
SSDEEP

393216:wP6OLTODSf/raJ19Wjyj+8l86+qPmUlPuO7TODSf/raJ19Wjyj+8l86+qjXYg:z+TODzx+8l86XQmTODzx+8l86R

Score

10^/10

discovery pyinstaller spyware stealer upx

Malware Config

Targets

- Target
  
  .exe/AppReadWriteCounter.exe
- Size
  
  127KB
- MD5
  
  48c0a430ce7f5e7c669a60dae97caf1f
- SHA1
  
  da8a6dd0aee30d49009fe59fd4c753a351456159
- SHA256
  
  b6dcd998aebbc7a6e5e535607986d6af998722e0a148bd04d25f3b163727f94f
- SHA512
  
  f0eb3f351978d1f1d5a2ee6779f101fb11ae1c90a292c3ba8d7741645f4357c825267a58239202b7a9efb7489487e069729248765c26a47f8eabc47c4c7ce9f9
- SSDEEP
  
  3072:KenIGgpOr2+1+r5LB3CTt2WzekNjl/q57ku76wtDE:9prt103iXMGYE
Score

3^/10
behavioral1 behavioral2
- Target
  
  .exe/BrowserDownloadsView.exe
- Size
  
  475KB
- MD5
  
  32d8860e3ad7c0040f3bc37a32aa64da
- SHA1
  
  b15b8fbe5e68d7e340e4ad8c7c101a024363a86e
- SHA256
  
  4a506d6fe197eb77e2c5620503fcf2f0594b007498d29fda12942399363a1033
- SHA512
  
  5742e84c8071bb08b00c54b305662d9b76c12019efcbd5714b52cc1095d9b0ceba2d49be63b01d3c593508c62af8f1788facc070fd1725d0f6dc3011bedd2ab0
- SSDEEP
  
  6144:7eyMwkCjuBgtwN5eyyKAWPDDOsaOLP2HeXhEG9GkbN4Gcr3kjey0GxhPerIt183R:q4kCKgk5jGW/5aOLBl46Z+3OeQvp83Nj
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral3 behavioral4
- Target
  
  .exe/BrowsingHistoryView.exe
- Size
  
  558KB
- MD5
  
  1642b26deb2ed4d9573712ce2974e85a
- SHA1
  
  733a7d59fd23610057c9e6d6c700461bc8517b01
- SHA256
  
  cdfb491344d29901d508a8f88dafbc237ffc53e6980106f325764809f58f8505
- SHA512
  
  d3fc350e17368c4b73196a7d4d29b62107ba1dd8df4b453fc112921fb8211ecb894df1df44e61387c070e4dffb3a97a53663b32f084a1068bccdbf1983a22452
- SSDEEP
  
  12288:bcipgIgwMlLWpBLxSF1md2VkMu7bTMxZ0m41u1zy43gfE:QvIgHSLxMQgVoXTS0x1u1zyqgfE
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral5 behavioral6
- Target
  
  .exe/CProcess.exe
- Size
  
  35KB
- MD5
  
  5af6b376e660805759683865437acbc0
- SHA1
  
  75f61ab72f67c53553ef87c655777c430c3c91c2
- SHA256
  
  f0cf25602f19d5b2f2c0050180815eb5c727427142639fa1c177b5d1dc078a1b
- SHA512
  
  faf2750a1dcfa6bbac2fc0162f14977ac7b145fe4361e58e880ac727902fc90afe1e92c7107c5096050c2e8a5dae1aab322c84851fbd30542f35e6e846d16e63
- SSDEEP
  
  768:/+5WLaO2wpBorkucMMqyv+czNsmj+KN7mODgDsEhahV:25WLaf7rkucMMqT+UKcirr
Score

9^/10

upx
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7 behavioral8
- Target
  
  .exe/ExecutedProgramsList.exe
- Size
  
  81KB
- MD5
  
  7366668cc7eaa1068a38cc2761217fc4
- SHA1
  
  a6790473129e7298185ef4ee4e0badbdecc50040
- SHA256
  
  e3af98717bf1cda7dc4aacb5b34d111ac237604161cd96f7929ec33f2ff260b6
- SHA512
  
  5af36447a1d29c2024b83cf08bb9cfc2c360e02d819eb7b238e1e9f774aef6e5930f5f33b9f64d62e4e958911493338a0d95b58b22b076c4e9025abe6f3f0b4a
- SSDEEP
  
  1536:mnfPc3+xpqH7tTkloB7MYk34T8bbcw+BI2SNGOcJ74l8:mnf03+xpq71kl0QYk3Jbww+JSNGOcZ4q
Score

3^/10
behavioral10 behavioral9
- Target
  
  .exe/Fortect.lnk
- Size
  
  873B
- MD5
  
  6b84f43a807e447abb4b6aa609c6795d
- SHA1
  
  70a88261512010cb9136ad53f699752094c2d566
- SHA256
  
  d3427f0a96ac456b5d978a6b14b8b31ed02f61439883733c9fab85675d61c3b2
- SHA512
  
  8b772dd82582a3fd657813c64be4122d07d8367d698de984a0359afe84ca51d07551befa56652d41ea1cb3b1aae4ae2d475868d833e560c006dc8451a7cfb3ee
Score

3^/10
behavioral11 behavioral12
- Target
  
  .exe/JournalTrace.exe
- Size
  
  106KB
- MD5
  
  779386ff00b119b91f1ef5e36168edae
- SHA1
  
  006588d6a5c531d0e9ff497cbf3bab32744e15d0
- SHA256
  
  46873781a5c80ea676f0ed8024b31423f22918d9f4723aba49b22c8e597ec0e6
- SHA512
  
  7c1686cf33e8989064c8be404b0eca65609b30e7fbe8d7cc0b90fcefecd44ae024efdf3a65f4e08376c166b118a46eda550f563423261badfed91f7e5db96a13
- SSDEEP
  
  3072:RxnIDN+SRULe9DjbkNaze0ccGADupxYXGrAOOLChcRUzAXA8U9uv93n:eBu6Om1+G1h
Score

1^/10
behavioral13 behavioral14
- Target
  
  .exe/LastActivityView.exe
- Size
  
  130KB
- MD5
  
  a19eb1487622a13402c0d63eede58f59
- SHA1
  
  c662772fcd96c7d6decd629af28f26014c506a30
- SHA256
  
  b1b7a772c927b4d3e2e4d59ba69e3fe955506ff80cee0947d54c6b3fabef6860
- SHA512
  
  6b7b676ebac4e3127a63cc1fbde85144d551c7d38330c516ccb0aeaa7558155eefc1dfba3f3d7b18510f8e099c37fa2504f1ff00607f52187a03780fd7f75f94
- SSDEEP
  
  3072:gnk4eDEnIUuBkxlXvVbZTK1TT4ik69L1X7Bom:gngdBeXvpZTK1P4Kp
Score

6^/10

discovery
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral15 behavioral16
- Target
  
  .exe/MUICacheView.exe
- Size
  
  29KB
- MD5
  
  e999c811b919c420d5657a484cecdd61
- SHA1
  
  a61ab3db7d9aa92c309956c8a033a7c5ce4edeb9
- SHA256
  
  02e28fa849121a1ffce2cccdfaed4974636253c3a8d5f16207d0fd13c0ea72d5
- SHA512
  
  caeb0693a02154195d2421786a7b39559ac605c06371a8f7ed95535f75296e7f3a99de0a72d9ff7570d4b7d0bd3a2c2bb7ff37813f1fefbc4be1ad792ba41d8a
- SSDEEP
  
  768:Xm/LKD7CbEQJHUDPk77BJKdupd8vl7PbT6z204wwwggAGyN1RGz:qLKD7CQYHUD8hJh6l7X104wwwggAG21E
Score

9^/10

upx
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral17 behavioral18
- Target
  
  .exe/Malwarebytes.lnk
- Size
  
  2KB
- MD5
  
  b0c2336ae9d3289d7d2820928da3be82
- SHA1
  
  ad784fe4f7fe908982053c151e051b613d6930b1
- SHA256
  
  dd171dbc9947375ebaafe27a20038195ba508a8fc9234b0d31f6eb4010a8e2ab
- SHA512
  
  8c21af1bac37ba5c61ce7826415a97281c328a8f2fd0b63f24a40a52c946a2026ab0914ee11f626fed2265805a5381a30f4cca0a58d770a4fbb2003c75cf445d
Score

3^/10
behavioral19 behavioral20
- Target
  
  .exe/PreviousFilesRecovery.exe
- Size
  
  128KB
- MD5
  
  9e4c902e52d513e1437c599953ef7e1e
- SHA1
  
  e3ba3f445e47d971cf7b1b85c50634b8c79eea88
- SHA256
  
  2c749ebe67bfb2496b47d2bcd8b05e32134e71bcc51d0b1bf63b2dd668f56b5e
- SHA512
  
  9e5d58d526a9887faa706e223301a1b7f3bc14e309ae6d110f808874e3ad3ffd353a1aecd9c17be47bcb24881dd53460afd3189f78d9582825db10d46801b612
- SSDEEP
  
  3072:K5sQ7MuFeUtHBTOOmQI0WwhxUjg76FmaKJgf:BUMjUdlT2QlJe
Score

3^/10
behavioral21 behavioral22
- Target
  
  .exe/RecentFilesView.exe
- Size
  
  46KB
- MD5
  
  4d27a0ef39f71709510662519553b24d
- SHA1
  
  35adea46f3fde61c14230c67b687086429fc8438
- SHA256
  
  80930766283e9575617cd03ea31e575c091fb2148e08c37874afe40371cfd5a3
- SHA512
  
  8f9fe1b9d0d93aa80520319de07e7a53fe2eb51020da207007ac0b74412bfe896ee664778d001709d29b6ce3e533d611de62734854bd8037979ee59f19a600d4
- SSDEEP
  
  768:QxKVTfbKrhSUN53TiDNoG3+MUAkow8HMcZwS62qGFh7JzbiyiyO:ZfbWNomnMUhZKBsC5Jzbiv
Score

9^/10

upx
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral23 behavioral24
- Target
  
  .exe/RegScanner.exe
- Size
  
  158KB
- MD5
  
  7ab278ae57598f6951a58eea6136271a
- SHA1
  
  2aff67d227121402ce8eb5d072674720701ef59e
- SHA256
  
  8d329719ab5bb2c71c4299be12089d7550b446416a9f0bb3ea9f85faad42d838
- SHA512
  
  37f0b69005916b2bab7714ba0a2e2d3e9a0eef8851bd972a21396309d4f1ebc38d4fd8342f70da277f28a790c55281bde533ad1c67c2e286e963dd613987c8c2
- SSDEEP
  
  3072:ZNeFsaAYSKtjkynLwMxrrWN916c5TwXIHFcPZ6G5U1ZwtgonM7UqJqAzOcD9f:qPSHFMxrCN7XEXIHW6QKwtRk9f
Score

1^/10
behavioral25 behavioral26
- Target
  
  .exe/ShellBagsView.exe
- Size
  
  46KB
- MD5
  
  79222c52a3364c2ad29bb3f5ca543485
- SHA1
  
  dcb404d39eabcbf43b50d6d41c1f044b01e8908b
- SHA256
  
  95b1b1cdcc76eed98c6d839f861bacf2b1e8888fc2612d97d7eaf6161260eecc
- SHA512
  
  7248ae24a86bc0623ada14adbf0bdc89d94897b1651e50eb4bd87372842cbd77f13f3117cf75a2c57486daea02a59fbb8b2cb22950939f949be29c81566072b7
- SSDEEP
  
  768:La10Pm9M+IHcbms0/AVM0z+rJjMyfYLi4JtV07apKTUhcpriXiRSkg:UEmj2c50/brJjBSisFpKTUhcpWXiIkg
Score

9^/10

upx
- Nirsoft
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral27 behavioral28
- Target
  
  .exe/System Informer.lnk
- Size
  
  1KB
- MD5
  
  33acaf16a48f662d62acb2e0406de152
- SHA1
  
  ca39918e59a658cae32b7479f22a6e18d3366a8c
- SHA256
  
  623e792acd760e0b5e88bca0a83eafa9e88387bec920f427d0b7e3f246fe34b1
- SHA512
  
  a20904c29160c001874d0461ea662408f4c43bb7ec4db63ed003bafd934802f5ee089501bc4513bcd3606fe1d6276d02258d48457d1174f5786ce30fcdee8b7f
Score

3^/10
behavioral29 behavioral30
- Target
  
  .exe/TrappedV2.exe
- Size
  
  7.5MB
- MD5
  
  185209c5c3f0e3871931a17b36f1be6b
- SHA1
  
  ac9d47c6aaef2fc9d4e4035eb480ae08fa5b7483
- SHA256
  
  c77e124816a70e05f72e5c147f503fe40e4629de344bab593039a194766ef79b
- SHA512
  
  66650e214dcd1c69115a78adbc72f959eba63022817fac39a7225b3c5d115d85754a6e3fccfc075b65e8665bf0a1c7b8edb5d8f30ab241819cf0dc27cd8e218b
- SSDEEP
  
  98304:OQXWQRZdDwG1eFsr7/AgecPlcGxH0Ig17E3AAy5tx54D/SVnovDJTSPkIuQoK:O2/DwGcsAgectcGfcY3gtCcKSPn
Score

7^/10
- Loads dropped DLL
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32