a8446e06f7ef5a8965872d410beddd60595e837e4d6a907ebe4b9fa79b222ea6 | Triage

Sharing

General

Target

a8446e06f7ef5a8965872d410beddd60595e837e4d6a907ebe4b9fa79b222ea6
Size

5.8MB
Sample

220511-3aetzsfcgr
MD5

8fb56c2b40e3c7288d5ed5b0df5a7ea6
SHA1

4442c48c00a4b097a49db5417090465fb31ebd94
SHA256

a8446e06f7ef5a8965872d410beddd60595e837e4d6a907ebe4b9fa79b222ea6
SHA512

39e77d632e885ab49022a93f047d38b378714824f935a9e0ce8c68c09b3360f7f3c774b6f386810220b8b74513b56e7ebbe4f428a375bd65b8f369c2c2ae2a33

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  a8446e06f7ef5a8965872d410beddd60595e837e4d6a907ebe4b9fa79b222ea6
- Size
  
  5.8MB
- MD5
  
  8fb56c2b40e3c7288d5ed5b0df5a7ea6
- SHA1
  
  4442c48c00a4b097a49db5417090465fb31ebd94
- SHA256
  
  a8446e06f7ef5a8965872d410beddd60595e837e4d6a907ebe4b9fa79b222ea6
- SHA512
  
  39e77d632e885ab49022a93f047d38b378714824f935a9e0ce8c68c09b3360f7f3c774b6f386810220b8b74513b56e7ebbe4f428a375bd65b8f369c2c2ae2a33
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2