46697ceb0ffef2223395d594e933a25f01fcb71ec1e8d012588b0a522e69b4fd | Triage

Sharing

General

Target

46697ceb0ffef2223395d594e933a25f01fcb71ec1e8d012588b0a522e69b4fd
Size

8.5MB
Sample

220511-c7ay7agfbp
MD5

a564b063ebf51439468cecb3b714c637
SHA1

c235dd993132a849d96c0b2d1ea778da9c31bd06
SHA256

46697ceb0ffef2223395d594e933a25f01fcb71ec1e8d012588b0a522e69b4fd
SHA512

bd2c92327f2909f7518e62330a2ca59d33e20b64076f1ed5812d97f31fedd7c295ca8d08c432390548f4bd9ab9e5096b708a2da3d7a038c5674a35842f9a087b

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  46697ceb0ffef2223395d594e933a25f01fcb71ec1e8d012588b0a522e69b4fd
- Size
  
  8.5MB
- MD5
  
  a564b063ebf51439468cecb3b714c637
- SHA1
  
  c235dd993132a849d96c0b2d1ea778da9c31bd06
- SHA256
  
  46697ceb0ffef2223395d594e933a25f01fcb71ec1e8d012588b0a522e69b4fd
- SHA512
  
  bd2c92327f2909f7518e62330a2ca59d33e20b64076f1ed5812d97f31fedd7c295ca8d08c432390548f4bd9ab9e5096b708a2da3d7a038c5674a35842f9a087b
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2