9a171356b47003ea038e123e7fd636d491b48fdef992155d422ce46f8e8d3518 | Triage

Sharing

General

Target

83409b2b12d2a4ac2a46a4758d155d59
Size

6.5MB
Sample

210223-4a8akkhsvs
MD5

83409b2b12d2a4ac2a46a4758d155d59
SHA1

d12a9bf78ada72e3bf6a8e97805e281b789d25b4
SHA256

9a171356b47003ea038e123e7fd636d491b48fdef992155d422ce46f8e8d3518
SHA512

c18ca02e545cc7aa603a8e4d9f071bbd1ab52a98918de8a4bb0a8a21ea702c698c716dece1175c07917e9bf4db511b8b15366402e64bc28cb60fe952e14776b2

Score

7^/10

pyinstaller spyware

Malware Config

Targets

- Target
  
  83409b2b12d2a4ac2a46a4758d155d59
- Size
  
  6.5MB
- MD5
  
  83409b2b12d2a4ac2a46a4758d155d59
- SHA1
  
  d12a9bf78ada72e3bf6a8e97805e281b789d25b4
- SHA256
  
  9a171356b47003ea038e123e7fd636d491b48fdef992155d422ce46f8e8d3518
- SHA512
  
  c18ca02e545cc7aa603a8e4d9f071bbd1ab52a98918de8a4bb0a8a21ea702c698c716dece1175c07917e9bf4db511b8b15366402e64bc28cb60fe952e14776b2
Score

7^/10

spyware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2