f946fb0d30c9f7f4bbce22c68f5f47eb034722fde7621687bcbeb2e340af04ef | Triage

Sharing

General

Target

f946fb0d30c9f7f4bbce22c68f5f47eb034722fde7621687bcbeb2e340af04ef
Size

8.4MB
Sample

220512-n65mysdfg9
MD5

e68f25dac9de2a36c6700b6e794487e6
SHA1

27ee202d1570bee328da0dff401c01fe680770cf
SHA256

f946fb0d30c9f7f4bbce22c68f5f47eb034722fde7621687bcbeb2e340af04ef
SHA512

1aafee97da729f27f757bd97ac24aa6523f83150f08b30aefca6bb763fbda3c9b2f2b9d748c2372380116f8da927c3b5ce2f789d1315c694f9335084c163883f

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  f946fb0d30c9f7f4bbce22c68f5f47eb034722fde7621687bcbeb2e340af04ef
- Size
  
  8.4MB
- MD5
  
  e68f25dac9de2a36c6700b6e794487e6
- SHA1
  
  27ee202d1570bee328da0dff401c01fe680770cf
- SHA256
  
  f946fb0d30c9f7f4bbce22c68f5f47eb034722fde7621687bcbeb2e340af04ef
- SHA512
  
  1aafee97da729f27f757bd97ac24aa6523f83150f08b30aefca6bb763fbda3c9b2f2b9d748c2372380116f8da927c3b5ce2f789d1315c694f9335084c163883f
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2