General

  • Target

    main.exe

  • Size

    17.8MB

  • Sample

    240821-1hd7basala

  • MD5

    eecb3a363cff6c5427e6d1584727f821

  • SHA1

    843a85f23f75ea655e1465e15b79744ab0efe87b

  • SHA256

    45c009a64acc8852adb110ac30c142b5cccd99b9660b1ab41ce1e8e3249e5478

  • SHA512

    5b8774bed861b57dd60a078590a4cf995f8fbedf98f90ff7db35db9b9d2f0cd8ec6093507b666f2d16f123d9af98e8add81c3aef93ee418e41cf5b90b8c06fe7

  • SSDEEP

    393216:xqPnLFXlreQ8DOETgsvfGFwgSP81vE2C30Mjkwq:YPLFXNeQhEb7Pr2RMi

Malware Config

Targets

    • Target

      main.exe

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified version of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      main.pyc

    • Size

      7KB

    • MD5

      23f5979e8d7409985f19a0c53c291621

    • SHA1

      3f3322f192fbddc1e09590c79d35789f6eee1132

    • SHA256

      a66490fa20b07ad35a61d43aacfceeaa9ca42134134ccb923b9698e0707dbee1

    • SHA512

      a7c858b95c3b5a1096dcbfd7b3e84b4505d36ddfa3f5b962ae0191a172b471984c165510ed49af90a7aa23fd95b89d5864e3b4f5f95ac7f0ad0f4dd8fd71e491

    • SSDEEP

      192:w3vlKynXD8ro2MWdXwFqGYDm+Jhwc5x13W1Mdw2EMnw:w3u6Wutxi2Ox13W1PvMw

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks