4a143d32786d93070300258d914d0faffbe2ca56d9dea8e4a0f4ed021ad3a119 | Triage

Sharing

General

Target

TOOLS_GG_BY_DevXyZ.exe
Size

6.6MB
Sample

210925-nz1qescbe4
MD5

1d438113b251469676a8b4f313f4eab7
SHA1

93b195353a401057b09656e5c2123790fdb97519
SHA256

4a143d32786d93070300258d914d0faffbe2ca56d9dea8e4a0f4ed021ad3a119
SHA512

fd25ca20b820d2d28ad7d84e2c7b17d101205cf13144e47387f6fd4f93ec50a01a5c013a87ebf1aa84160fab2de817344c37f20ace9a33545b3cdc0603cb793c

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  TOOLS_GG_BY_DevXyZ.exe
- Size
  
  6.6MB
- MD5
  
  1d438113b251469676a8b4f313f4eab7
- SHA1
  
  93b195353a401057b09656e5c2123790fdb97519
- SHA256
  
  4a143d32786d93070300258d914d0faffbe2ca56d9dea8e4a0f4ed021ad3a119
- SHA512
  
  fd25ca20b820d2d28ad7d84e2c7b17d101205cf13144e47387f6fd4f93ec50a01a5c013a87ebf1aa84160fab2de817344c37f20ace9a33545b3cdc0603cb793c
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2