2379c3f02f5ca106c16c07cbc16890b72162915c3dbacb89cc5431217f30165e | Triage

Sharing

General

Target

2379c3f02f5ca106c16c07cbc16890b72162915c3dbacb89cc5431217f30165e
Size

10.7MB
Sample

220511-c7e8xadhf2
MD5

e7b0ce4141b13f6dff8dc46cf900668a
SHA1

8c5b6956dd46b5651bc749eb4e60d8ad1feecf55
SHA256

2379c3f02f5ca106c16c07cbc16890b72162915c3dbacb89cc5431217f30165e
SHA512

8f9f70c49b552e6c9e4ef1dc03c969d09a83c2b704c23d2122ed950c9ea4414a4bff38c97e2bf789992325b84d25baa73a80d5bb1b305eb95cf217dbe359d5f7

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  2379c3f02f5ca106c16c07cbc16890b72162915c3dbacb89cc5431217f30165e
- Size
  
  10.7MB
- MD5
  
  e7b0ce4141b13f6dff8dc46cf900668a
- SHA1
  
  8c5b6956dd46b5651bc749eb4e60d8ad1feecf55
- SHA256
  
  2379c3f02f5ca106c16c07cbc16890b72162915c3dbacb89cc5431217f30165e
- SHA512
  
  8f9f70c49b552e6c9e4ef1dc03c969d09a83c2b704c23d2122ed950c9ea4414a4bff38c97e2bf789992325b84d25baa73a80d5bb1b305eb95cf217dbe359d5f7
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2