c9ac9582c979029bb83b4b14b735c764ef94bdac3dd59ebe5963d2ca0ad5f897 | Triage

Sharing

General

Target

23fda8b2da7bbe3920802e2f12040ec0
Size

6.9MB
Sample

210223-g9kr8xfhcj
MD5

23fda8b2da7bbe3920802e2f12040ec0
SHA1

4c4897bf596db179ea4a14f088b8aa1c6d229b1e
SHA256

c9ac9582c979029bb83b4b14b735c764ef94bdac3dd59ebe5963d2ca0ad5f897
SHA512

62b73d0e3f2695b63f0a7109c3a62f3efb7391f5fb917fd55724e9909b4ff38a737db857f20877e7d505bb927677e024830908026fb361071edca90dae1ab942

Score

7^/10

pyinstaller spyware

Malware Config

Targets

- Target
  
  23fda8b2da7bbe3920802e2f12040ec0
- Size
  
  6.9MB
- MD5
  
  23fda8b2da7bbe3920802e2f12040ec0
- SHA1
  
  4c4897bf596db179ea4a14f088b8aa1c6d229b1e
- SHA256
  
  c9ac9582c979029bb83b4b14b735c764ef94bdac3dd59ebe5963d2ca0ad5f897
- SHA512
  
  62b73d0e3f2695b63f0a7109c3a62f3efb7391f5fb917fd55724e9909b4ff38a737db857f20877e7d505bb927677e024830908026fb361071edca90dae1ab942
Score

7^/10

spyware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2