General

  • Target: dist.zip
  • Size: 13.6MB
  • Sample: 240428-l8at9adc85
  • MD5: fb76eb4711dd5ad1be43237bdd3d4ebe
  • SHA1: b2e559e1921de07d11d8f7924f4f4b5d1f6617d7
  • SHA256: b1d5614146ad73ea1e3176bb1d375fa0fd6f931c5fa60a531e964bd6a68e1661
  • SHA512: 066b8c53fcaa1d078a9612d6a0db4ba4536b54a555d50c8679232083cc0841ac333a96a9a0a6c248d749ed7732bbf94621a9d3343dbb67e72b457198f7e0cf33
  • SSDEEP: 393216:GUI9I56e2p1+OESUZ+y+hxCzq3sj0Ewxes5XeRs:3Q46eO1+h/D+hxCe8j02sJeRs

Targets

    • Target: dist.zip
    • Size: 13.6MB
    • MD5: fb76eb4711dd5ad1be43237bdd3d4ebe
    • SHA1: b2e559e1921de07d11d8f7924f4f4b5d1f6617d7
    • SHA256: b1d5614146ad73ea1e3176bb1d375fa0fd6f931c5fa60a531e964bd6a68e1661
    • SHA512: 066b8c53fcaa1d078a9612d6a0db4ba4536b54a555d50c8679232083cc0841ac333a96a9a0a6c248d749ed7732bbf94621a9d3343dbb67e72b457198f7e0cf33
    • SSDEEP: 393216:GUI9I56e2p1+OESUZ+y+hxCzq3sj0Ewxes5XeRs:3Q46eO1+h/D+hxCe8j02sJeRs
    • Score: 1/10

    • Target: dist/LastActivity.exe
    • Size: 13.9MB
    • MD5: a928bd31d8371e073b40b6042face5fa
    • SHA1: 4a7053396ef4a8fd76c0b833f46cc54448893f3c
    • SHA256: aa62987e2095f7bf6f56d5c761a997c73f16ae8a9d768ab51c732249a3bded7d
    • SHA512: cdcd60be7355348b95b649846d49bca5a22db3c6eb8d0ed4ae69d6fc9f74627c5be3f767a0d650582482fa2433ac494f768d8807b62adbdacff60ac469d3ab13
    • SSDEEP: 393216:DJ+Fe0EkDS5AW1c4q1+TtIiFYY9Z8D8Ccl6l7EOjKkPXK5:90raAWa4q1QtIDa8DZcIl7skvK5
    • Score: 7/10
    • Drops startup file
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials.
    • Legitimate hosting services abused for malware hosting/C2
    • Looks up external IP address via web service
      Uses a legitimate IP lookup service to find the infected system's external IP.
    • Maps connected drives based on registry
      Disk information is often read in order to detect sandboxing environments.

    • Target: hazard.pyc
    • Size: 44KB
    • MD5: 0f24b4d63698b22eb00ec26afc1557cf
    • SHA1: 1c05a66830edbd3745df41889b586693b16d4a80
    • SHA256: a8eaa92eb9c06c25c36f61e2a5155fca007273415e4af3c88fa0c2d72ff24a43
    • SHA512: feae467b24076eaaa6335ae3e85162626706e4d52ca13ac9c3e0956340cccfbf3a2ecc4d67fdc69ec9b1ff898771db44cd8e57d64653cf204712217ec2b3140e
    • SSDEEP: 768:NSnR/8dKL6/LxVw2F93LhqdOBjWAhFmJVFWgXgDV7gNKEug6/:NSnRk4LuF9NDxIV8ugDqdFK
    • Score: 3/10

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                      ID          Count
  Credential Access     Unsecured Credentials          T1552       1
  Credential Access     Credentials In Files           T1552.001   1
  Discovery             Query Registry                 T1012       1
  Discovery             Peripheral Device Discovery    T1120       1
  Discovery             System Information Discovery   T1082       2
  Collection            Data from Local System         T1005       1
  Command and Control   Web Service                    T1102       1