043343e04606c25a6850d614b690ef2c445b8cf53f5d633472a930faefb0c213 | Triage

Sharing

General

Target

043343e04606c25a6850d614b690ef2c445b8cf53f5d633472a930faefb0c213
Size

11.5MB
Sample

220521-ayhlkaeabl
MD5

13d40ceb468758718391972477e79779
SHA1

e981031eef764457dd79b9c4ba6bae5cdf289eff
SHA256

043343e04606c25a6850d614b690ef2c445b8cf53f5d633472a930faefb0c213
SHA512

44036ab2ede6a9a8d8a1bfc1c14b79d71790978725cb29bea17fd1100fd894e915ed6d7c76cca3ce8a44753b2113c02bd6dafb5505acb75b459c4863f1501f49

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  043343e04606c25a6850d614b690ef2c445b8cf53f5d633472a930faefb0c213
- Size
  
  11.5MB
- MD5
  
  13d40ceb468758718391972477e79779
- SHA1
  
  e981031eef764457dd79b9c4ba6bae5cdf289eff
- SHA256
  
  043343e04606c25a6850d614b690ef2c445b8cf53f5d633472a930faefb0c213
- SHA512
  
  44036ab2ede6a9a8d8a1bfc1c14b79d71790978725cb29bea17fd1100fd894e915ed6d7c76cca3ce8a44753b2113c02bd6dafb5505acb75b459c4863f1501f49
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2