0ba84c861f272847794a2bc7fc23bd169a6be5981d6e5fa9bf5b344d8e6c9706 | Triage

Sharing

General

Target

0ba84c861f272847794a2bc7fc23bd169a6be5981d6e5fa9bf5b344d8e6c9706
Size

9.4MB
Sample

220512-n8xecsgeaq
MD5

f8eee8ea0e3bb80c9f73c9ca0dca5b06
SHA1

f79053377abf6224737840ed06787510ef3944dd
SHA256

0ba84c861f272847794a2bc7fc23bd169a6be5981d6e5fa9bf5b344d8e6c9706
SHA512

cdc4c37fed2a0b1c8fcfc01ee5152558639a4d6d7d0ee0c9504e1dc2040ac9c2512e9e9f79b0e1353a2abc9e4a1e4281a068a50c21d2795caf00f866b341fea6

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  0ba84c861f272847794a2bc7fc23bd169a6be5981d6e5fa9bf5b344d8e6c9706
- Size
  
  9.4MB
- MD5
  
  f8eee8ea0e3bb80c9f73c9ca0dca5b06
- SHA1
  
  f79053377abf6224737840ed06787510ef3944dd
- SHA256
  
  0ba84c861f272847794a2bc7fc23bd169a6be5981d6e5fa9bf5b344d8e6c9706
- SHA512
  
  cdc4c37fed2a0b1c8fcfc01ee5152558639a4d6d7d0ee0c9504e1dc2040ac9c2512e9e9f79b0e1353a2abc9e4a1e4281a068a50c21d2795caf00f866b341fea6
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2