84b06a7712e90b0ddd4b1375f49882c9e384195a04325bb275708185a56adf75 | Triage

Sharing

General

Target

SeraphNuker.rar
Size

8.1MB
Sample

211022-jftesacbdl
MD5

91751813a323fa60dda186c02663aa02
SHA1

445e9518fd01bb1fa7fdee0f917cdd3b74dd16af
SHA256

84b06a7712e90b0ddd4b1375f49882c9e384195a04325bb275708185a56adf75
SHA512

3a4503abd5c58e16969f9d5459f13ca99468843ebe7e59559bec4ff5a18b2e9183c5c0b94feb64ea346cb7d27bac80fdc092fd529b9ccf0e5fe9115aa0037fd9

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  SeraphNuker/seraph.exe
- Size
  
  8.3MB
- MD5
  
  827db2567095ca4df839c873d1b2db2a
- SHA1
  
  b8f13a2accee2f7309db6fdda702a397a24ecb65
- SHA256
  
  74529c97adc11d4248f535eaf092d262663d236113284656685881d84f5208df
- SHA512
  
  9637169505572ac2eb2d5c39fabe3877d6497dfd405f209fd871e946ae4e3c636ecdd473a36d1e1ea9c59618f8bfd80656c6219c8049408c5e4edc4672e4894e
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2