d76f0b4bab58a3c223ee94c0f2b95e5101257746c9fea14c42459cadf2425ad3 | Triage

Sharing

General

Target

d76f0b4bab58a3c223ee94c0f2b95e5101257746c9fea14c42459cadf2425ad3
Size

6.2MB
Sample

220516-p9vslafafk
MD5

ee6d827b7bd80a6b2f05919f82bd1124
SHA1

e6c69560c7cd85f296d6ebacd3f5da2568355f87
SHA256

d76f0b4bab58a3c223ee94c0f2b95e5101257746c9fea14c42459cadf2425ad3
SHA512

988c83a164b376d6cb2a1a5aaac39fe02596cf0cd482e79d6078a29baf9c0b8ef489011f1e6600e2d3106f6ca5f1990ffed270c1d4cee54654a831d8a016a998

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  d76f0b4bab58a3c223ee94c0f2b95e5101257746c9fea14c42459cadf2425ad3
- Size
  
  6.2MB
- MD5
  
  ee6d827b7bd80a6b2f05919f82bd1124
- SHA1
  
  e6c69560c7cd85f296d6ebacd3f5da2568355f87
- SHA256
  
  d76f0b4bab58a3c223ee94c0f2b95e5101257746c9fea14c42459cadf2425ad3
- SHA512
  
  988c83a164b376d6cb2a1a5aaac39fe02596cf0cd482e79d6078a29baf9c0b8ef489011f1e6600e2d3106f6ca5f1990ffed270c1d4cee54654a831d8a016a998
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2