cf99ea1757c47b90af051210ad2473c4e6258fea1270e555c077dea7a94d9064 | Triage

Sharing

General

Target

cf99ea1757c47b90af051210ad2473c4e6258fea1270e555c077dea7a94d9064
Size

6.6MB
Sample

220520-gmnf1achd9
MD5

c74d285661dbc34b5f961fc453dfc7d7
SHA1

6128693eed5d0d14b46b0621745f942537e86781
SHA256

cf99ea1757c47b90af051210ad2473c4e6258fea1270e555c077dea7a94d9064
SHA512

ebd99619726267528e51bc081f679417e063971994563bbe439178c57e5f047a960dd98be906c20e8a8ceca0edbd711203d776304b804f5c21a8081c89e16c2e

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  cf99ea1757c47b90af051210ad2473c4e6258fea1270e555c077dea7a94d9064
- Size
  
  6.6MB
- MD5
  
  c74d285661dbc34b5f961fc453dfc7d7
- SHA1
  
  6128693eed5d0d14b46b0621745f942537e86781
- SHA256
  
  cf99ea1757c47b90af051210ad2473c4e6258fea1270e555c077dea7a94d9064
- SHA512
  
  ebd99619726267528e51bc081f679417e063971994563bbe439178c57e5f047a960dd98be906c20e8a8ceca0edbd711203d776304b804f5c21a8081c89e16c2e
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2