f60ec821207320581a6522fea6ccac93e88092c1d33edb3447867eaecf3fa9af | Triage

Resubmissions

13-03-2021 07:55

210313-2xjaehaewn 7

23-02-2021 13:48

210223-a1s7vv1bh2 7

Sharing

General

Target

fef327ef4c772669911b4a364efe9a78
Size

8.8MB
Sample

210223-a1s7vv1bh2
MD5

fef327ef4c772669911b4a364efe9a78
SHA1

639f4e4c3681b6bfdd7823a0243577027a47ddf4
SHA256

f60ec821207320581a6522fea6ccac93e88092c1d33edb3447867eaecf3fa9af
SHA512

41b0abbd3e321e1e9d7143a668f717823d05c590c1fda2897ea17e762e15c37455b3eed585e6690be20b3ca6ee267a0ddb06d0929fd40439eac994bef56f8d54

Score

7^/10

pyinstaller spyware

Malware Config

Targets

- Target
  
  fef327ef4c772669911b4a364efe9a78
- Size
  
  8.8MB
- MD5
  
  fef327ef4c772669911b4a364efe9a78
- SHA1
  
  639f4e4c3681b6bfdd7823a0243577027a47ddf4
- SHA256
  
  f60ec821207320581a6522fea6ccac93e88092c1d33edb3447867eaecf3fa9af
- SHA512
  
  41b0abbd3e321e1e9d7143a668f717823d05c590c1fda2897ea17e762e15c37455b3eed585e6690be20b3ca6ee267a0ddb06d0929fd40439eac994bef56f8d54
Score

7^/10

spyware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2