b37e1948fc4d1b68e705747ab3806618fdbefb6cbb6180e394c8b5350529ddda | Triage

Sharing

General

Target

b37e1948fc4d1b68e705747ab3806618fdbefb6cbb6180e394c8b5350529ddda
Size

8.4MB
Sample

220516-p9wpwsfafl
MD5

635a1d9f73469d13a74de282de82739d
SHA1

17b48a0786b08a8706fa192350acc62a8bd9ee9b
SHA256

b37e1948fc4d1b68e705747ab3806618fdbefb6cbb6180e394c8b5350529ddda
SHA512

8e6a4ce4b4ce7ca8046dc59123b83518b308de36004a068097c361e3a8fe97315d397c2506f9fc767bb47579682c6b11dc12b0c0947742be98f96e46cc3bc337

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  b37e1948fc4d1b68e705747ab3806618fdbefb6cbb6180e394c8b5350529ddda
- Size
  
  8.4MB
- MD5
  
  635a1d9f73469d13a74de282de82739d
- SHA1
  
  17b48a0786b08a8706fa192350acc62a8bd9ee9b
- SHA256
  
  b37e1948fc4d1b68e705747ab3806618fdbefb6cbb6180e394c8b5350529ddda
- SHA512
  
  8e6a4ce4b4ce7ca8046dc59123b83518b308de36004a068097c361e3a8fe97315d397c2506f9fc767bb47579682c6b11dc12b0c0947742be98f96e46cc3bc337
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2