d2c7981831fb449e109e9f9787017a275bfe542203ae9eaf8b2e9d5eac5b9488 | Triage

Sharing

General

Target

d2c7981831fb449e109e9f9787017a275bfe542203ae9eaf8b2e9d5eac5b9488
Size

5.9MB
Sample

220520-2q2s1saham
MD5

c2529e5adae819ad0c9285bae4d27a9a
SHA1

cc066793bd6167243bfd751be82567b150421ca4
SHA256

d2c7981831fb449e109e9f9787017a275bfe542203ae9eaf8b2e9d5eac5b9488
SHA512

dff6d2c871ba42fac7808ae3865b7972815c6d1c9520791c1b7d9412d8dc72dea1dc731d5547b1ee73768710a18f1a09b10ec6a5ea7772af9743ba5201046bbb

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  d2c7981831fb449e109e9f9787017a275bfe542203ae9eaf8b2e9d5eac5b9488
- Size
  
  5.9MB
- MD5
  
  c2529e5adae819ad0c9285bae4d27a9a
- SHA1
  
  cc066793bd6167243bfd751be82567b150421ca4
- SHA256
  
  d2c7981831fb449e109e9f9787017a275bfe542203ae9eaf8b2e9d5eac5b9488
- SHA512
  
  dff6d2c871ba42fac7808ae3865b7972815c6d1c9520791c1b7d9412d8dc72dea1dc731d5547b1ee73768710a18f1a09b10ec6a5ea7772af9743ba5201046bbb
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2