1aa822768c6395398a1a47c3317c5bb06a295269a873b09afd724a59ced0951c | Triage

Sharing

General

Target

1aa822768c6395398a1a47c3317c5bb06a295269a873b09afd724a59ced0951c
Size

10.0MB
Sample

220511-c7g3hadhf3
MD5

987b55eeed7761b46f36c2f3e2fd60ec
SHA1

c871552d50a7a367a81f63a04ad748134c351e50
SHA256

1aa822768c6395398a1a47c3317c5bb06a295269a873b09afd724a59ced0951c
SHA512

a0bbcde19a323bb6bee729da1b999fe05da75254d4310f9e9397bd783f405641598767182116ebf0c05ace60068101106bc9d88a8764aaee53b9482768acdacf

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  1aa822768c6395398a1a47c3317c5bb06a295269a873b09afd724a59ced0951c
- Size
  
  10.0MB
- MD5
  
  987b55eeed7761b46f36c2f3e2fd60ec
- SHA1
  
  c871552d50a7a367a81f63a04ad748134c351e50
- SHA256
  
  1aa822768c6395398a1a47c3317c5bb06a295269a873b09afd724a59ced0951c
- SHA512
  
  a0bbcde19a323bb6bee729da1b999fe05da75254d4310f9e9397bd783f405641598767182116ebf0c05ace60068101106bc9d88a8764aaee53b9482768acdacf
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2