40fc48fd9ec5b195650df4969a1993a3b1e7390eace240b6fbf073600fa3b7dd | Triage

Sharing

General

Target

40fc48fd9ec5b195650df4969a1993a3b1e7390eace240b6fbf073600fa3b7dd
Size

9.5MB
Sample

220511-c7bwgsgfbq
MD5

f7dc7f1c7ef148d338172dea5e64d01c
SHA1

257db3af17540b511cdafa2e50503454962a53d3
SHA256

40fc48fd9ec5b195650df4969a1993a3b1e7390eace240b6fbf073600fa3b7dd
SHA512

a6e712c2bff4dae2d674dc3fb94c2b120e8537d319f6ccf172376c312306563a93cf9b42cb03a04c3e2b1efa23e53af3f1b8a9062d95453e9231358110acc616

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  40fc48fd9ec5b195650df4969a1993a3b1e7390eace240b6fbf073600fa3b7dd
- Size
  
  9.5MB
- MD5
  
  f7dc7f1c7ef148d338172dea5e64d01c
- SHA1
  
  257db3af17540b511cdafa2e50503454962a53d3
- SHA256
  
  40fc48fd9ec5b195650df4969a1993a3b1e7390eace240b6fbf073600fa3b7dd
- SHA512
  
  a6e712c2bff4dae2d674dc3fb94c2b120e8537d319f6ccf172376c312306563a93cf9b42cb03a04c3e2b1efa23e53af3f1b8a9062d95453e9231358110acc616
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2