Overview

overview

10

Static

static

10

VespyGrabber.exe

windows7-x64

7

VespyGrabber.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    VespyGrabber.exe

  • Size

    13.9MB

  • Sample

    241110-nvpscswfma

  • MD5

    7e959b965c38ccf73416218e2272e098

  • SHA1

    c6ca655662ba9be4f765c28db5d2e1b384260e58

  • SHA256

    7dd7670685a7856ea0675983e14e0e103cb8f189aa0e87dfd1ea984e11c9015f

  • SHA512

    032305e28bab9d39835705d6b1e5d9a2f0a3347a9bad5625867e24ddb3a07e7b3377a1095252dd90bccfb49234affd73921db7cb7fa2b4f497de69578021d6d0

  • SSDEEP

    196608:/d/lOqPnih8FXj+hYeB0sKYu/PaQgKDnO8NpHzgsAGKaRZtG77CTRzbtqlKMYm0F:mqPnLFCjQpDOETgsv/GvkT6Ko0TEk

Score
10/10
empyreandiscoverypersistencepyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      VespyGrabber.exe

    • Size

      13.9MB

    • MD5

      7e959b965c38ccf73416218e2272e098

    • SHA1

      c6ca655662ba9be4f765c28db5d2e1b384260e58

    • SHA256

      7dd7670685a7856ea0675983e14e0e103cb8f189aa0e87dfd1ea984e11c9015f

    • SHA512

      032305e28bab9d39835705d6b1e5d9a2f0a3347a9bad5625867e24ddb3a07e7b3377a1095252dd90bccfb49234affd73921db7cb7fa2b4f497de69578021d6d0

    • SSDEEP

      196608:/d/lOqPnih8FXj+hYeB0sKYu/PaQgKDnO8NpHzgsAGKaRZtG77CTRzbtqlKMYm0F:mqPnLFCjQpDOETgsv/GvkT6Ko0TEk

    Score
    7/10
    upxdiscoverypersistencespywarestealer

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks