fdff65ae03fab7bfd6f943833bf7aa16f6ada9219786995df9ef7127ab9aa93d | Triage

Sharing

General

Target

fdff65ae03fab7bfd6f943833bf7aa16f6ada9219786995df9ef7127ab9aa93d
Size

7.4MB
Sample

220511-3a8gascff3
MD5

469489356d4d460400442bd1b5d92f33
SHA1

f439ac9d830db7132f9343b4d85f707ee36e8c7b
SHA256

fdff65ae03fab7bfd6f943833bf7aa16f6ada9219786995df9ef7127ab9aa93d
SHA512

fc8c57ea88108d8dbe2117eb90fc08cc7d52f3f89c1de5d5b4bd61a5f40067edba4367f606df8cbe6c8ae30a19053b5614bd9232c8bc206c8786004fd0b229ae

Score

10^/10

pyinstaller spyware stealer

Malware Config

Extracted

Credentials

Protocol: ftp
Host:
rudy.zzz.com.ua
Port:
21
Username:
malina1306
Password:
Gh889900!

Targets

- Target
  
  fdff65ae03fab7bfd6f943833bf7aa16f6ada9219786995df9ef7127ab9aa93d
- Size
  
  7.4MB
- MD5
  
  469489356d4d460400442bd1b5d92f33
- SHA1
  
  f439ac9d830db7132f9343b4d85f707ee36e8c7b
- SHA256
  
  fdff65ae03fab7bfd6f943833bf7aa16f6ada9219786995df9ef7127ab9aa93d
- SHA512
  
  fc8c57ea88108d8dbe2117eb90fc08cc7d52f3f89c1de5d5b4bd61a5f40067edba4367f606df8cbe6c8ae30a19053b5614bd9232c8bc206c8786004fd0b229ae
Score

10^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2