58185aef58b2fdefa6579bfb7a30048f3b91efe1560f355a3f71c95614dded2f | Triage

Sharing

General

Target

Optimizer.zip
Size

107KB
Sample

241127-kn81wasrcn
MD5

f3bcf6b8ed0e5affe06a1b1d4f3f2820
SHA1

844cfea6390aa3644dfad9c6f9a2833109147158
SHA256

58185aef58b2fdefa6579bfb7a30048f3b91efe1560f355a3f71c95614dded2f
SHA512

2650f04a08f7e02c53cb69a224817041ef6ffb29bdd4ec3f75e876c5736d3dbe23004405fac676fc0966bb37eead4859e48cdcf42b458ed65d6c5f951f33fc0d
SSDEEP

3072:82mvPbZSkmUJlum6XhJTaiWswHaVcScs7U3/Dwr8g/I:8PvPbZvV7udxtaiWpaVcEU3MP/I

Score

8^/10

discovery exploit spyware stealer upx

Malware Config

Targets

- Target
  
  Optimizer.exe
- Size
  
  159KB
- MD5
  
  a5eb0d1b79f64f7ace12d65e26a6d4f3
- SHA1
  
  b0386cb68d3b771687b5e4ac9d133db9a8d201f0
- SHA256
  
  94b05cc89c01e748e28bfe6b0484f27af6b0fb3814cdf8b5995c4138c3779eff
- SHA512
  
  7fd40a59517c7702ea13ecf1eea8f6779f691337837619841b27ffcf396ea69751429ea2cf607f451cd0712ae708d91e1953e0132c6c3603fc4382f766d880ac
- SSDEEP
  
  3072:MwavFbFSymUJlum6XhJTeiWswHQVcScs7e3/0omHPOTvYFZloH8:MnvFbFfV7udxteiWpQVcEe3MAvYFZloc
Score

8^/10

discovery exploit spyware stealer upx
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Modifies termsrv.dll
  Commonly used to allow simultaneous RDP sessions.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Remote Services

Remote Desktop Protocol

Replication Through Removable Media

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexploitspywarestealerupx