bd95c18b805d72e5656ff3772171185188fe0956be4a90bea561e8f05f3d91ee | Triage

Sharing

General

Target

bd95c18b805d72e5656ff3772171185188fe0956be4a90bea561e8f05f3d91ee
Size

9.3MB
Sample

220511-c6ldjagfar
MD5

f7c1172b753d1f10bee8f6c22b2c0021
SHA1

ea4061e7a1fa21b748488cdd039a9582bd86fcfa
SHA256

bd95c18b805d72e5656ff3772171185188fe0956be4a90bea561e8f05f3d91ee
SHA512

2cd7cfd929b724f91771bac0ac1861f077fb89f8605cd9fbf56c81c6491e5b1e852cff6e23928b95e0a191fdd032a48b895f8be277b7196c817d0f729727872b

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  bd95c18b805d72e5656ff3772171185188fe0956be4a90bea561e8f05f3d91ee
- Size
  
  9.3MB
- MD5
  
  f7c1172b753d1f10bee8f6c22b2c0021
- SHA1
  
  ea4061e7a1fa21b748488cdd039a9582bd86fcfa
- SHA256
  
  bd95c18b805d72e5656ff3772171185188fe0956be4a90bea561e8f05f3d91ee
- SHA512
  
  2cd7cfd929b724f91771bac0ac1861f077fb89f8605cd9fbf56c81c6491e5b1e852cff6e23928b95e0a191fdd032a48b895f8be277b7196c817d0f729727872b
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2