aeab36df9996cb0f07db944db3cb864d6a919cef26ee0bf29365f0b5fbd02b3a | Triage

Sharing

General

Target

aeab36df9996cb0f07db944db3cb864d6a919cef26ee0bf29365f0b5fbd02b3a
Size

6.8MB
Sample

220524-rwynfaaagk
MD5

85bb8ba34f630d00e117b54d2a45796a
SHA1

fbf8d0bbe5810d76a530a8c42fcdd8234ce0b88b
SHA256

aeab36df9996cb0f07db944db3cb864d6a919cef26ee0bf29365f0b5fbd02b3a
SHA512

a3dd6a95659d8cae82a078b77583b897186fa0a00d84a238199ace14dfcf4a9612c591f3492a0755c04912e5e43892ea80e033e33df6d55e09d0ba9a50b32502

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  aeab36df9996cb0f07db944db3cb864d6a919cef26ee0bf29365f0b5fbd02b3a
- Size
  
  6.8MB
- MD5
  
  85bb8ba34f630d00e117b54d2a45796a
- SHA1
  
  fbf8d0bbe5810d76a530a8c42fcdd8234ce0b88b
- SHA256
  
  aeab36df9996cb0f07db944db3cb864d6a919cef26ee0bf29365f0b5fbd02b3a
- SHA512
  
  a3dd6a95659d8cae82a078b77583b897186fa0a00d84a238199ace14dfcf4a9612c591f3492a0755c04912e5e43892ea80e033e33df6d55e09d0ba9a50b32502
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2