48f57545e22a7a68214781735f258390fb0cc0494a3bd74b19704bc22fda5d1c | Triage

Submit
Reports

Overview

overview

8

Static

static

3

48f57545e2...1c.exe

windows7-x64

8

48f57545e2...1c.exe

windows10-2004-x64

8

Sharing

General

Target

48f57545e22a7a68214781735f258390fb0cc0494a3bd74b19704bc22fda5d1c
Size

447KB
Sample

241121-hettgstpgl
MD5

71eebcc8dde40d7c339aa6d4aa947576
SHA1

99ae9c812d992335a3c7d7cd139d2b5955fe82f6
SHA256

48f57545e22a7a68214781735f258390fb0cc0494a3bd74b19704bc22fda5d1c
SHA512

441f302143be42a2d88075e6aeeb1afa879de49d462adc641e8e1293c746fd4bc4ea079f504e6534a8841a445ff306c05a8c410538f9bd820cc530da12013bc8
SSDEEP

12288:K03Nb8A65XwlYgrHy6V17kr8+m73q+pgkxzdxRlabQYtCAZ5cIkKix:K03NmwlBrygOW3q49ldx7XIa

Score

8^/10

discovery spyware stealer upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

48f57545e22a7a68214781735f258390fb0cc0494a3bd74b19704bc22fda5d1c.exe

Resource

win7-20241010-en

discovery spyware stealer upx

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

48f57545e22a7a68214781735f258390fb0cc0494a3bd74b19704bc22fda5d1c.exe

Resource

win10v2004-20241007-en

discovery spyware stealer upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  48f57545e22a7a68214781735f258390fb0cc0494a3bd74b19704bc22fda5d1c
- Size
  
  447KB
- MD5
  
  71eebcc8dde40d7c339aa6d4aa947576
- SHA1
  
  99ae9c812d992335a3c7d7cd139d2b5955fe82f6
- SHA256
  
  48f57545e22a7a68214781735f258390fb0cc0494a3bd74b19704bc22fda5d1c
- SHA512
  
  441f302143be42a2d88075e6aeeb1afa879de49d462adc641e8e1293c746fd4bc4ea079f504e6534a8841a445ff306c05a8c410538f9bd820cc530da12013bc8
- SSDEEP
  
  12288:K03Nb8A65XwlYgrHy6V17kr8+m73q+pgkxzdxRlabQYtCAZ5cIkKix:K03NmwlBrygOW3q49ldx7XIa
Score

8^/10

discovery spyware stealer upx
- Drops file in Drivers directory
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealerupx

behavioral2

discoveryspywarestealerupx

© 2018-2025

Terms | Privacy