553eab6a15e88681a0793dd5040e4a988763ac408a07c2af28a9463c8dbe0e59 | Triage

Sharing

General

Target

553eab6a15e88681a0793dd5040e4a988763ac408a07c2af28a9463c8dbe0e59
Size

5.4MB
Sample

220511-c68ttsgfbm
MD5

bbb9273a4b6436b5459fa28c8dd4d892
SHA1

d0860413aab360e5944597415f3b05a09555acfb
SHA256

553eab6a15e88681a0793dd5040e4a988763ac408a07c2af28a9463c8dbe0e59
SHA512

3417c63fd4a674d38a2fb64536fea3d490fd5e4671fda9a0ea1f13f2ce35d06a2511c887faa0c677c3892b4ec9f63f19b49e08796f45d012c90c944bdbff46de

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  553eab6a15e88681a0793dd5040e4a988763ac408a07c2af28a9463c8dbe0e59
- Size
  
  5.4MB
- MD5
  
  bbb9273a4b6436b5459fa28c8dd4d892
- SHA1
  
  d0860413aab360e5944597415f3b05a09555acfb
- SHA256
  
  553eab6a15e88681a0793dd5040e4a988763ac408a07c2af28a9463c8dbe0e59
- SHA512
  
  3417c63fd4a674d38a2fb64536fea3d490fd5e4671fda9a0ea1f13f2ce35d06a2511c887faa0c677c3892b4ec9f63f19b49e08796f45d012c90c944bdbff46de
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2