b749cc75224a853c131eb41664ea2491efc9b4cfa2d7b51b944d1ae3278a7aee

Sharing

Copy URL

Twitter E-mail

General

Target

SymacV2.2.rar
Size

16.0MB
Sample

240919-fmkvfasaqc
MD5

fc474450693b9a70cc878a8826d7aeaa
SHA1

f700c0b9fd1313f8c84897e67d4194acd0307b4b
SHA256

b749cc75224a853c131eb41664ea2491efc9b4cfa2d7b51b944d1ae3278a7aee
SHA512

4599990e082104e2e8b02db864806ae4cb798a9d394ba556a3cb078f404a90b044defa750edda9357a31ed038506bef07b9f91645f82698dcaff42b1e693ab3c
SSDEEP

196608:pE1WDl2eZ5ymeLKay9XpDn4EXSnzcStuxW2rOGPXNIEYvnrEkm2rCHJzOMNXEHFK:psWDoyNY9y3nD9f5rJXEn4kOpzOMeAcM

Score

9^/10

Malware Config

Targets

- Target
  
  setup.bat
- Size
  
  487B
- MD5
  
  80beab88b1867db0cd5c6d39b28862a8
- SHA1
  
  c496c0ed9939a746964763f2ea9f0a93af31ce72
- SHA256
  
  da503138e3c9691945efa00853d1a0705d2b68e2ccb8380d5ba61334326722dd
- SHA512
  
  4f5db844d799964ec3dab6995662d34ab67f8cb1d5eae8ca57456b3bfb95ccb2084dd45c212259ef628f72419f97bc64c67c9255f85d5253ad7985da7840c197
Score

1^/10
behavioral1 behavioral2
- Target
  
  symac.exe
- Size
  
  16.0MB
- MD5
  
  5357bce80610ab6480a939e51ab6dc3e
- SHA1
  
  ed879d284d3c84ca42ffe78303eae966063dc04d
- SHA256
  
  175e4e77f03bc4c7667cc6bcea71db027b057fad80ed7344c168e9a2ace46113
- SHA512
  
  ef90017f395a87ce41b4fac6105d277ecdef4bd5cf3ebd0f8937f5968bc13e54acf1e40b264a22b1929d6736a03fb62300e9ac801ef71340786a46bbbec5b29e
- SSDEEP
  
  393216:Hh9SqWvz+XOVVsdzeTGz7kpL+9qzTfbCk+7q301J5BOxemRy7CWHOc:B9Oz+XOLyZ78+9q/f5301jM8KhEz
Score

9^/10

upx credential_access discovery persistence privilege_escalation spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3 behavioral4
- Target
  
  tools/addpin.py
- Size
  
  5KB
- MD5
  
  ee17063bd2e29ac3d56641df002a132e
- SHA1
  
  b3e6e24e97b1a6a4aaac1806f692fd1581455243
- SHA256
  
  098aed7ba679fd41601bef0a4299565816286aed6e7950f9636790d9d3060d96
- SHA512
  
  04d09e01f1a47dd66fd48fae4f60ba6192084053477a58cf6f60e314dea8798687451528ee867b2490269da632861f369c99a01afac54cf2324062e35cafe375
- SSDEEP
  
  96:nFJelq5XP4oL4dsJPuCLI/5xgJ5onRnGuQXcu:nnXAdsXI/5UoR58cu
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  tools/generateaccount.py
- Size
  
  5KB
- MD5
  
  ee17063bd2e29ac3d56641df002a132e
- SHA1
  
  b3e6e24e97b1a6a4aaac1806f692fd1581455243
- SHA256
  
  098aed7ba679fd41601bef0a4299565816286aed6e7950f9636790d9d3060d96
- SHA512
  
  04d09e01f1a47dd66fd48fae4f60ba6192084053477a58cf6f60e314dea8798687451528ee867b2490269da632861f369c99a01afac54cf2324062e35cafe375
- SSDEEP
  
  96:nFJelq5XP4oL4dsJPuCLI/5xgJ5onRnGuQXcu:nnXAdsXI/5UoR58cu
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  tools/getcookies.py
- Size
  
  3KB
- MD5
  
  e0a94ef952589351f768cf317597250a
- SHA1
  
  8d9ff43b5b2c37efc25edc3d902a965620e9cf10
- SHA256
  
  7363f5f2fb15a22d48c7fddf81a9ce4100159b2715b0ffeb31104f9202b65f50
- SHA512
  
  d67c69edb5eb7883eb661678d134b93a9d18646d3a92b88ef224f0d9ac07269f7a799e83535653965f84f0011eeee639ad1a327f4d08949d2fd6d9381f6d4bd6
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  tools/instantlogin.py
- Size
  
  913B
- MD5
  
  c8b8b9f4a0874516ececba31711fe54a
- SHA1
  
  bac1ba3efade980142cb7b648e2acd60d7b86754
- SHA256
  
  e0ad2548c39fac1f4dfb8250b5fcb818ea255d017cb25375cd37f31e314e51e7
- SHA512
  
  1f5ccae0abec4e24d6f52ccc5b0bac284d248760eb3148e33ec4afe703d4d817a4d8d955e0575da9dfe6fbb49c2ccef101ed66adc3be3c46c060dc5cabe0affd
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  tools/inventory.py
- Size
  
  3KB
- MD5
  
  e0a94ef952589351f768cf317597250a
- SHA1
  
  8d9ff43b5b2c37efc25edc3d902a965620e9cf10
- SHA256
  
  7363f5f2fb15a22d48c7fddf81a9ce4100159b2715b0ffeb31104f9202b65f50
- SHA512
  
  d67c69edb5eb7883eb661678d134b93a9d18646d3a92b88ef224f0d9ac07269f7a799e83535653965f84f0011eeee639ad1a327f4d08949d2fd6d9381f6d4bd6
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  tools/logingmail.py
- Size
  
  913B
- MD5
  
  c8b8b9f4a0874516ececba31711fe54a
- SHA1
  
  bac1ba3efade980142cb7b648e2acd60d7b86754
- SHA256
  
  e0ad2548c39fac1f4dfb8250b5fcb818ea255d017cb25375cd37f31e314e51e7
- SHA512
  
  1f5ccae0abec4e24d6f52ccc5b0bac284d248760eb3148e33ec4afe703d4d817a4d8d955e0575da9dfe6fbb49c2ccef101ed66adc3be3c46c060dc5cabe0affd
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  tools/unfriendall.py
- Size
  
  5KB
- MD5
  
  ee17063bd2e29ac3d56641df002a132e
- SHA1
  
  b3e6e24e97b1a6a4aaac1806f692fd1581455243
- SHA256
  
  098aed7ba679fd41601bef0a4299565816286aed6e7950f9636790d9d3060d96
- SHA512
  
  04d09e01f1a47dd66fd48fae4f60ba6192084053477a58cf6f60e314dea8798687451528ee867b2490269da632861f369c99a01afac54cf2324062e35cafe375
- SSDEEP
  
  96:nFJelq5XP4oL4dsJPuCLI/5xgJ5onRnGuQXcu:nnXAdsXI/5UoR58cu
Score

3^/10

discovery
behavioral17 behavioral18