69430b2eded39ee11bb501e6f2c8bdaa5eea26c0b396c3304ffe9ad30092a059 | Triage

Sharing

General

Target

c930ec448cece9cff8b4f52baab02204
Size

6.5MB
Sample

210223-44fjwwxjjn
MD5

c930ec448cece9cff8b4f52baab02204
SHA1

55a93da97de6969f5212df1000072a0fc23c794c
SHA256

69430b2eded39ee11bb501e6f2c8bdaa5eea26c0b396c3304ffe9ad30092a059
SHA512

a522cbc1e89cd9c857ac456a0ed789c7e46ebd418899a1c3ee061bc42f3f9155836b1d939cecbf3ea88f3b2a0a599853cf54a66aa7d1c930fdcaec8008bcde5b

Score

7^/10

pyinstaller spyware

Malware Config

Targets

- Target
  
  c930ec448cece9cff8b4f52baab02204
- Size
  
  6.5MB
- MD5
  
  c930ec448cece9cff8b4f52baab02204
- SHA1
  
  55a93da97de6969f5212df1000072a0fc23c794c
- SHA256
  
  69430b2eded39ee11bb501e6f2c8bdaa5eea26c0b396c3304ffe9ad30092a059
- SHA512
  
  a522cbc1e89cd9c857ac456a0ed789c7e46ebd418899a1c3ee061bc42f3f9155836b1d939cecbf3ea88f3b2a0a599853cf54a66aa7d1c930fdcaec8008bcde5b
Score

7^/10

spyware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2