Overview

overview

10

Static

static

10

NEO_Private.exe

windows10-2004-x64

7

main.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    NEO_Private.exe

  • Size

    17.8MB

  • Sample

    250105-aaf3tswlgr

  • MD5

    af9067df231376a3cfb1c2944d355a30

  • SHA1

    b2b5aca970b75dab46ba3f8c2c93b0bfd841dfad

  • SHA256

    e91e0c6a38be7697c0d7fae0b748d1bc2c47777a84452eaf7f34a1d552f4bf76

  • SHA512

    d862bea961c7fdb8befaeb60d38046ec87607d56919af66afb5780e2a73237c0001346ab04e3a46b83b93d3c5cdbecd2c58ce5274c5b21334398bce770faa14d

  • SSDEEP

    393216:FqPnLFXlr5Q8DOETgsvfGF5ghrBvEUi8UnJycq:8PLFXN5QhECMWdnu

Score
10/10
empyreandiscoverypersistenceprivilege_escalationpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      NEO_Private.exe

    • Size

      17.8MB

    • MD5

      af9067df231376a3cfb1c2944d355a30

    • SHA1

      b2b5aca970b75dab46ba3f8c2c93b0bfd841dfad

    • SHA256

      e91e0c6a38be7697c0d7fae0b748d1bc2c47777a84452eaf7f34a1d552f4bf76

    • SHA512

      d862bea961c7fdb8befaeb60d38046ec87607d56919af66afb5780e2a73237c0001346ab04e3a46b83b93d3c5cdbecd2c58ce5274c5b21334398bce770faa14d

    • SSDEEP

      393216:FqPnLFXlr5Q8DOETgsvfGF5ghrBvEUi8UnJycq:8PLFXN5QhECMWdnu

    Score
    7/10
    discoverypersistenceprivilege_escalationspywarestealerupx

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1

    • Target

      main.pyc

    • Size

      7KB

    • MD5

      1836a01e43d8020d70ad6dc56e6b93a7

    • SHA1

      e0947d47956c956be1de716b86eafa04440e47e6

    • SHA256

      f57c50aa8f71a93054e6b06ea1006b24b6d865c682d4f6a79c6d7061197cc2ef

    • SHA512

      ab69de8028f8f13d42b6d1053574d8b79d96f746f234b3355769663a687d130e8282f22a6472fbebaa5b6dce32048869c54b27894e84aeb80c31ec9d4bbed559

    • SSDEEP

      192:wcP2LoD8OOWdXwQnG4by3mJhwDuiPrMdwAxnw:GLTWuAG3K25TPAw

    Score
    3/10
    behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

System Information Discovery

1
T1082

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks