General

  • Target

    c9e89e2412ee82da3b8291d54d07a17445fda8751ba8b1b23c1febf240497f1bN

  • Size

    6.9MB

  • Sample

    241003-sdvz9s1fjq

  • MD5

    ba9020e6d74b1158717649a95e775720

  • SHA1

    2a0633ff5b3995cef7e464c3f1787218712cb63a

  • SHA256

    c9e89e2412ee82da3b8291d54d07a17445fda8751ba8b1b23c1febf240497f1b

  • SHA512

    07a69f3a6ebde35c9d44a3ca3d6346bb47b9e29acd28d94e91d3bca1e3738f92019953a5d4d123350ea1feb9abb6f9564556ade0e0e0fb4afc008cce56cdf9d7

  • SSDEEP

    98304:aPDjWM8JEE1rczamaHl3Ne4i3Tf2PkOpfW9hZMMoVmkzhxIdfXeRaYKJJcGhEIFt:aP0s2eNTfm/pf+xk4dWRatrbWOjgKP

Malware Config

Extracted

  • Language

    hta

  • Source

    hta.dropper

  • URLs

    https://play.nostale.gameforge.com/

Targets

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Drops file in Drivers directory

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, etc.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Obfuscated Files or Information: Command Obfuscation

      Adversaries may obfuscate content during command execution to impede detection.

    • Enumerates processes with tasklist

    • Hide Artifacts: Hidden Files and Directories

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15