2d1aa9668b7f34a6dfde465a7a460e52be0d85878eb0891c50dacc242e472834 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

PapuGrabber.exe

windows10-1703-x64

8

Sharing

General

Target

PapuGrabber.exe
Size

7KB
Sample

240627-zbhqgs1hkm
MD5

9eca5ad739803ecff2c4cc041ad16871
SHA1

d45335518390c11363f669c462a0d7a7dc8c091b
SHA256

2d1aa9668b7f34a6dfde465a7a460e52be0d85878eb0891c50dacc242e472834
SHA512

6b16cdddf1a2e387704664e8dedbc103ffc3de2d0e59a0295ff7de0f5a339012b1b22815604bd520281382e3cecd38f80d5fae5851d4c02c1d19b044497d4119
SSDEEP

192:0ey1N4IFycEDDaOOdQm0OBrYvE2YzJ3HA:0eI4IUDaOOdtrY9A

Score

8^/10

persistence spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

PapuGrabber.exe

Resource

win10-20240404-en

persistence spyware stealer

windows10-1703-x64

22 signatures

600 seconds

Malware Config

Targets

- Target
  
  PapuGrabber.exe
- Size
  
  7KB
- MD5
  
  9eca5ad739803ecff2c4cc041ad16871
- SHA1
  
  d45335518390c11363f669c462a0d7a7dc8c091b
- SHA256
  
  2d1aa9668b7f34a6dfde465a7a460e52be0d85878eb0891c50dacc242e472834
- SHA512
  
  6b16cdddf1a2e387704664e8dedbc103ffc3de2d0e59a0295ff7de0f5a339012b1b22815604bd520281382e3cecd38f80d5fae5851d4c02c1d19b044497d4119
- SSDEEP
  
  192:0ey1N4IFycEDDaOOdQm0OBrYvE2YzJ3HA:0eI4IUDaOOdtrY9A
Score

8^/10

persistence spyware stealer
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads local data of messenger clients
  Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer

© 2018-2025

Terms | Privacy