Overview

overview

10

Static

static

10

main.exe

windows11-21h2-x64

7

main.pyc

windows11-21h2-x64

3

Resubmissions

05-12-2024 13:21

241205-qlrlpswmet 10

05-12-2024 11:06

241205-m7hzxaxngq 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    main.exe

  • Size

    17.6MB

  • Sample

    241205-m7hzxaxngq

  • MD5

    4edced436524b16a1f5eaeaf7d182346

  • SHA1

    e2626eacc78d6573d7696407f0de1db5be040135

  • SHA256

    a0c2878314622706025c60f880d11c7af08b2900e9603d580d9cfd6544599d71

  • SHA512

    45b26f06998c2085c14c2d2825b540458be65916a869d77eb360228ceacc7ae303f3ad581075d8c046640c5093102a2c31b91692f69fd5af2fd4f753c22c4ded

  • SSDEEP

    393216:DqPnLFXlr8gQpDOETgsvfG9wagqKvECk6C1uAL9q:GPLFXNlQoEM1jaC1u2o

Score
10/10
empyreandiscoverypersistenceprivilege_escalationpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      main.exe

    • Size

      17.6MB

    • MD5

      4edced436524b16a1f5eaeaf7d182346

    • SHA1

      e2626eacc78d6573d7696407f0de1db5be040135

    • SHA256

      a0c2878314622706025c60f880d11c7af08b2900e9603d580d9cfd6544599d71

    • SHA512

      45b26f06998c2085c14c2d2825b540458be65916a869d77eb360228ceacc7ae303f3ad581075d8c046640c5093102a2c31b91692f69fd5af2fd4f753c22c4ded

    • SSDEEP

      393216:DqPnLFXlr8gQpDOETgsvfG9wagqKvECk6C1uAL9q:GPLFXNlQoEM1jaC1u2o

    Score
    7/10
    discoverypersistenceprivilege_escalationspywarestealerupx

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

    • Target

      main.pyc

    • Size

      7KB

    • MD5

      ac14f61d727902dd35a3a73d3e220aba

    • SHA1

      ebd2b5f118e90bda716b81b7706d607f6bdec1ea

    • SHA256

      5d13eb2e03a8b2aa9506f507283f5c2cf37d7271ac6be885a8241f03131e155c

    • SHA512

      eb928c6ab1f15150b754c1e8f86fc87de7be1ea31bcd3c5622aa712a4a2ce443c70d691f3e2983536abe1673c9099847f61882d5abbb3aaf9670275c30647511

    • SSDEEP

      192:waAqjCD89PWdXwfmx+mjAfvtvJhwmQ0Mdw/I6Cnw:R9jJWufpbvtR2F0P/I6Cw

    Score
    3/10
    behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

System Information Discovery

1
T1082

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks