Extracted

• • Target

    2025-01-29_526525d75f161d27a3f036f434708d68_bkransomware_hawkeye_luca-stealer_magniber

  • Size

    7.9MB

  • MD5

    526525d75f161d27a3f036f434708d68

  • SHA1

    1c2bcedd7f7c1cf9102be93f95c89641dcff7b89

  • SHA256

    c783c11471ac1c8bb78cb0d814f77efbbb655cb645872e77b2681806364628f5

  • SHA512

    1ea8d925a5c61ae392323d4b39dd55acab1a531b643d8143c197f990ced22c1edc695f4f9ff8d9467f205a569e11c0a26b0c99a70a1b260febedfe6777cf7a86

  • SSDEEP

    196608:BG9cL2kwBDQIzfsiKhfkfGxm+LTmLbSq7ii9GY7kQX:p2kwBM23KhfkOxRsD7T9hB

  Score

  10^/10

  salitybackdoordefense_evasiondiscoveryspywarestealertrojanupx

  • Modifies firewall policy service

    defense_evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    defense_evasiontrojan

  • Windows security bypass

    defense_evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    defense_evasiontrojan

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2