b14fed2dab29545b1c7f126009db65c3fc56795698116f52615ca9942f87bd41 | Triage

Sharing

General

Target

b14fed2dab29545b1c7f126009db65c3fc56795698116f52615ca9942f87bd41
Size

5.4MB
Sample

220516-p9yt9afafm
MD5

0b26af43cfb38c9a3e412486edd09a45
SHA1

7fef478cdf8f6712a2f993f16b049bcc85b5fe51
SHA256

b14fed2dab29545b1c7f126009db65c3fc56795698116f52615ca9942f87bd41
SHA512

4b8f175780c09e29b409e0444a87eeec6d6ce0c7350bdae300a46bc5886fbd03c1cf1a44cc70e46538629770944c598e57292cd062438933cb4ee50b13dd93b9

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  b14fed2dab29545b1c7f126009db65c3fc56795698116f52615ca9942f87bd41
- Size
  
  5.4MB
- MD5
  
  0b26af43cfb38c9a3e412486edd09a45
- SHA1
  
  7fef478cdf8f6712a2f993f16b049bcc85b5fe51
- SHA256
  
  b14fed2dab29545b1c7f126009db65c3fc56795698116f52615ca9942f87bd41
- SHA512
  
  4b8f175780c09e29b409e0444a87eeec6d6ce0c7350bdae300a46bc5886fbd03c1cf1a44cc70e46538629770944c598e57292cd062438933cb4ee50b13dd93b9
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2