9d5bd5afcf479ca89ca7da20f23a87b5e02bb9e7fc68f5970cf86bf5b2b99b02 | Triage

Sharing

General

Target

9d5bd5afcf479ca89ca7da20f23a87b5e02bb9e7fc68f5970cf86bf5b2b99b02
Size

8.5MB
Sample

220511-c6x3bsgfbk
MD5

f39729880a516164ad2e57060f489abf
SHA1

47ca96de04782c373b8ef61ea62a36b567822d66
SHA256

9d5bd5afcf479ca89ca7da20f23a87b5e02bb9e7fc68f5970cf86bf5b2b99b02
SHA512

281375a2c35d5d4c06aa5e583d8cd20d423d126f00a6e6adc1693ae3e00616f488818622079b30c3199b617f3df5dd424f874be9bc695a864040e4608521a08a

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  9d5bd5afcf479ca89ca7da20f23a87b5e02bb9e7fc68f5970cf86bf5b2b99b02
- Size
  
  8.5MB
- MD5
  
  f39729880a516164ad2e57060f489abf
- SHA1
  
  47ca96de04782c373b8ef61ea62a36b567822d66
- SHA256
  
  9d5bd5afcf479ca89ca7da20f23a87b5e02bb9e7fc68f5970cf86bf5b2b99b02
- SHA512
  
  281375a2c35d5d4c06aa5e583d8cd20d423d126f00a6e6adc1693ae3e00616f488818622079b30c3199b617f3df5dd424f874be9bc695a864040e4608521a08a
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2