d7cc4b784b99059da72ddaeaa75a6a7631079c4dda5d542d6339df3c75b6c8d8 | Triage

Sharing

General

Target

27e6351549452b51c0137c805a7bb622
Size

274KB
Sample

210727-2vccn64jza
MD5

27e6351549452b51c0137c805a7bb622
SHA1

3162c36e453ef38b112df56ed1f5f3c6a6a5b984
SHA256

d7cc4b784b99059da72ddaeaa75a6a7631079c4dda5d542d6339df3c75b6c8d8
SHA512

9ae067e4de686535a0f60479b3d1fb232f36344f2116470d4ab5208becbfaeee0fd0a7e67292be5a3e0c1a3779c90e91e1347e4876a849522084ab619bac2164

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  27e6351549452b51c0137c805a7bb622
- Size
  
  274KB
- MD5
  
  27e6351549452b51c0137c805a7bb622
- SHA1
  
  3162c36e453ef38b112df56ed1f5f3c6a6a5b984
- SHA256
  
  d7cc4b784b99059da72ddaeaa75a6a7631079c4dda5d542d6339df3c75b6c8d8
- SHA512
  
  9ae067e4de686535a0f60479b3d1fb232f36344f2116470d4ab5208becbfaeee0fd0a7e67292be5a3e0c1a3779c90e91e1347e4876a849522084ab619bac2164
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2