General

  • Target: SpyEye.zip
  • Size: 1.0MB
  • Sample: 241006-kw7g1s1blc
  • MD5: 2e0bb844572de2e88cbd23d76101bd16
  • SHA1: 8152e5a5187413ee20b36f4f059c47d594590a3c
  • SHA256: fa3b854f0e4c0d35ca9a5647bc6935ee1e6a3920d9b951c51b2cb7bc1588c904
  • SHA512: c2318b6bde935c9ed2410c4b508b79a7396265b2e97b788a0f32451077db1db3727a12f90471dc5b7a4974bbc7d811bbff1625457db43ae8f4881ff00e37ad40
  • SSDEEP: 24576:xx83QwgESJLldWfsqI4/rWhZPG44yuJoy7SHoIO1:IAwg7+sqI4/OZ/To7iox1

Malware Config

Targets

    • Target: malware.exe
    • Size: 145KB
    • MD5: 15f994b0886f7d7c547e24859b991c33
    • SHA1: bd828f7951b7ff7193943731a79cdf466f4c8def
    • SHA256: df192e9020c411a26bf28d47b4eb859f5e375013ef250e46b86a930ae67d6bae
    • SHA512: 30a1452dac94ab61313c7f0bc33a79642759363befd5b21067af7197447f5d300e37aae1eb6283e24f4b5e0a885931365273de94f63f1c88ebb8d02a4e4a7ad0
    • SSDEEP: 3072:M3maCzqt/00KmxEYpyQxx0kerEJVpS1mcxR:M3maV/00KmxhN0kerEJomcx
    • Score: 3/10

    • Target: malware.ex~
    • Size: 68KB
    • MD5: 2b8a408b56eaf3ce0198c9d1d8a75ec0
    • SHA1: 7380159e70ae03d02b33353112fb2011cbe4b87c
    • SHA256: 966ba7601becffb361a55f02d02fc129903d19be45e793946361383106f521da
    • SHA512: 2a0a721d2d36a89ce25ef26968fa5443e53d7b0ee8bce48ada26f2578b8b6fa879e22be1a1efb219c712ca41a4f233b222536b3ec0b2a0bd39b21084b82f6848
    • SSDEEP: 1536:G2G9N3OmJcaNvYCXna0iHDqA00H8/V9/PSE39Gm1e:Gp/OmJUNzDT00cXKE39dQ
    • Score: 5/10
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: malware.exe
    • Size: 80KB
    • MD5: 0f37839f48f7fc77e6d50e14657fb96e
    • SHA1: 35698c61ad232ff90c5812372d23971118ea37cd
    • SHA256: f097ad77b99b3744994a646d6a3577cea2faa8b9e656fcccbbd73244e227c850
    • SHA512: 72bf97c978cd4319198ac5a379d224ddc90e471251e9d817a2fe9ab362cbaab9f5f6647f2261689ddd8f340cce04e602e38faf907ac543ee5d4ad7ef23e3cbd5
    • SSDEEP: 1536:CtX20yVt4dA3bfyF6FwfxQ8WPmNgPez/FpaWD0i2CVyPBQcc0WYQirQ9Z:eZ0u6LBqJdWPdPezTmiRmiQ8irQH
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.

    • Target: malware.ex~
    • Size: 66KB
    • MD5: 5942ba36cf732097479c51986eee91ed
    • SHA1: 7cddef600cdae3890bbe2a2587e44de11bbc57bb
    • SHA256: 9459b0d6f7cdec6860c458944386896f78cb60befdd04fbeab0df5b6661a3f81
    • SHA512: dcbcc98bc4d120cdbb0846abc9c2ab621b993f116aaccfec12812ebb3f42f9584e66f87d717327ec6955fa3d18f56444f16c8de39fbafdeb857cf285f24532c4
    • SSDEEP: 1536:jDfWNrkKt4O2igKFicCR7fb/C7EchKmPKrjCKsOB0YxIma:jDfgj4OoICRvCwtZKOqCxa
    • Score: 5/10
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: malware.exe
    • Size: 147KB
    • MD5: cefbe57fb29cbd911b28e1d9a8918ab0
    • SHA1: c0c93f1afc0985fda540f8292f323d40f00c3198
    • SHA256: 9e72e4553bb8d724c3b625ece13632f26f1e9bebdad61ffeeb38ea5fab14b118
    • SHA512: 97ec327558d8c9a2551db02cd81cd4354d0831925f7e193b5036d21a601f764a48cffca05d59bf329d7fdea7c66e1c53eb00bcb30d6fe95dcc6bf74ab2806f20
    • SSDEEP: 3072:vCgR4N2ApH77yU06Y0a+rkaOQ7n4EXhMpe:6gR4NT0Z0aZah7n/hME
    • Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: malware.ex~
    • Size: 133KB
    • MD5: 7779f923da8c1418764fecc7d1ba86cf
    • SHA1: 1dca672c62538457be0cfbccb6880c09d64d55b3
    • SHA256: 664a551f2dfb0cebf3d17d80e60d6fccf82b6b7f0dfeb0b8b715810e93555c01
    • SHA512: 747f50c3f42d23f397243d7f51652cef787ee385ebd561a6bd67afe5f7ca0229b278ecd6e957bc7fa666b061aaed9464cf1f027b92eaa28b7eef5ee7b02c02a8
    • SSDEEP: 3072:oBCtQr2DkD0lRLb+4hLTyU06Y0a+rkaOQ7n4EXhMpe:oCQrZD0XRh0Z0aZah7n/hME
    • Score: 5/10
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: malware.exe
    • Size: 123KB
    • MD5: 84714c100d2dfc88629531f6456b8276
    • SHA1: ecce2684f143b02fc187a4a6af22f1e9ed6c2c6f
    • SHA256: 861aa9c5ddcb5284e1ba4e5d7ebacfa297567c353446506ee4b4e39c84454b09
    • SHA512: f5aa29698821747adb66d5c414958c4dfa82346ddb23b3b517eddcd36af90adf346527611c697022bf54f0da4410bc326d67ced3ebe4cca7e5be8f77bdcd9604
    • SSDEEP: 1536:k27ySIQJlLCzvOkzFf7y4gp5yWvAasTjny4n9V+i1tM5fZ8an8QpEpq:x1IQlLC7RzllWvAasrXbSj8aEI
    • Score: 3/10

    • Target: malware.exe
    • Size: 114KB
    • MD5: 4fcf540bd465177ee03e6d798ad162f0
    • SHA1: 8464065bca2b577ff861585f03ec42f443dc38c3
    • SHA256: 2cc636f4a1e76bd05ddc3c4cbdc8b2b848424d01146ae698e398795895007b77
    • SHA512: c36789e362b9d5e5756caa8e9d52fdd6ff8632927bdc9d694c0a316a902a68691ec32634d45331ae8ff816cf5cb3ac1756c8eb3a510a5f98ac6a6abbeaf4725f
    • SSDEEP: 3072:slWhLIfG/dcG2aGp62L/uPddR0rAXR9C2G:slg5e62Tut0rQRt
    • Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL

    • Target: malware.ex~
    • Size: 55KB
    • MD5: 97c73a29ab07f04458f5e8834f8db1ba
    • SHA1: 171565913cf53864c0ba1ff9dc414ed6ac473662
    • SHA256: a7b061a30f875be1de8994084f2935175ccb4edce87a88fc4430c63e0f738376
    • SHA512: 44288cf1167e72ff6c6895a70691dbe8420d7287ae9908955188a1e9e1acdf45f5d80ecf0fc5bc327d02579c9418d051ac1a389125480b0471a57bfaf8c722c8
    • SSDEEP: 768:lPM/cDO4+7RL22jCTkH6FjHcEXjjkWDefrdUYpeRo52jZ2qVsignKk9:t8cDOXFnaeejjzD0rdooEwqVLwKk9
    • Score: 7/10
    • Executes dropped EXE
    • Loads dropped DLL
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks