Overview

overview

10

Static

static

10

Particle.exe

windows7-x64

7

Particle.exe

windows10-2004-x64

7

main.pyc

windows7-x64

3

main.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Particle.exe

  • Size

    18.4MB

  • Sample

    241013-27pvsawhrm

  • MD5

    5034635dbc641bc6af5cf3f950eb4ca0

  • SHA1

    480ed67e33136f6a7bf329b1b0df6717f958a072

  • SHA256

    e199cd8a6297d6846f6e2a5a3e8e2450c3c6a9138ab18dc098a34a16bb107bb2

  • SHA512

    f54c72f27af038beb00be4395158fec30973893b6a00e4e822cc29ee01df07148c1180fa94d56902288c1f75fdf205dcd5e2841da5151ea4fea789523fa29fc3

  • SSDEEP

    393216:+qPnLFXlrPYgQpDOETgs77fGWg/fxs82vEmiQVFFL2:zPLFXNPRQoE7tafukEVFJ

Score
10/10
empyreandiscoverypersistenceprivilege_escalationpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      Particle.exe

    • Size

      18.4MB

    • MD5

      5034635dbc641bc6af5cf3f950eb4ca0

    • SHA1

      480ed67e33136f6a7bf329b1b0df6717f958a072

    • SHA256

      e199cd8a6297d6846f6e2a5a3e8e2450c3c6a9138ab18dc098a34a16bb107bb2

    • SHA512

      f54c72f27af038beb00be4395158fec30973893b6a00e4e822cc29ee01df07148c1180fa94d56902288c1f75fdf205dcd5e2841da5151ea4fea789523fa29fc3

    • SSDEEP

      393216:+qPnLFXlrPYgQpDOETgs77fGWg/fxs82vEmiQVFFL2:zPLFXNPRQoE7tafukEVFJ

    Score
    7/10
    upxdiscoverypersistenceprivilege_escalationspywarestealer

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      main.pyc

    • Size

      7KB

    • MD5

      67e1731fa5bb1ccf4e3effe4f0c1f800

    • SHA1

      fbb06edcd333b296fff194c7694f8d2bea93781a

    • SHA256

      2a2259a7e4baff32e8d86b4c0d5e3fcbeb9f389d87c9c3032d86ddaa194cb91f

    • SHA512

      07087cebe8aa478a36c5a37b24524af6685ed6d20f3266c44b7b861923e16c5feb2babe9a1dc13c6f032be21ea5e6e64726b45980f684196180bd66165e74839

    • SSDEEP

      192:w8MzxtNAD8idWdXwLclOx2EIgHVqJhwF4Jb4KMdwj55nw:LIJwWuoQxMg1O2oPj/w

    Score
    3/10
    discovery
    behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks