f0ba219cbdc64c310e9446963a6421b4cc09fd672a2a0fe97ee4799656c66e3f | Triage

Sharing

General

Target

AlanaMoreVids.exe
Size

6.6MB
Sample

211110-p5wjbsebfj
MD5

fda1351ee5c3e6906bb7c67165ed7e5d
SHA1

1279cee45501328d99d8fb918329702c101bdb46
SHA256

f0ba219cbdc64c310e9446963a6421b4cc09fd672a2a0fe97ee4799656c66e3f
SHA512

c19d06a41e4544efc44c6cbbcbaa1781b6271d4c8a197c1cf4e3073fd10811259219e798c297321674e5897e6721d7647857b6d33def58b696212ff62b3e17d6

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  AlanaMoreVids.exe
- Size
  
  6.6MB
- MD5
  
  fda1351ee5c3e6906bb7c67165ed7e5d
- SHA1
  
  1279cee45501328d99d8fb918329702c101bdb46
- SHA256
  
  f0ba219cbdc64c310e9446963a6421b4cc09fd672a2a0fe97ee4799656c66e3f
- SHA512
  
  c19d06a41e4544efc44c6cbbcbaa1781b6271d4c8a197c1cf4e3073fd10811259219e798c297321674e5897e6721d7647857b6d33def58b696212ff62b3e17d6
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2