70dd8bc2bba0f62293a0aed690d122da3fc6314e21b0907a814d34395f993631 | Triage

Sharing

General

Target

70dd8bc2bba0f62293a0aed690d122da3fc6314e21b0907a814d34395f993631
Size

8.3MB
Sample

220524-sqgneafgb4
MD5

13af076ceafd35bc6904c201accb79a5
SHA1

a1f162b33beb3c8f4354f1aef3151445ad7f34e2
SHA256

70dd8bc2bba0f62293a0aed690d122da3fc6314e21b0907a814d34395f993631
SHA512

d4caf8ce56fb06259f93012a3a340db87f3a63e5e882450444f52b26d58feca4f56df9e0ab9063057f5cce512a03c1d9ea3a5058dbb3d9f8642478d7b027407a

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  70dd8bc2bba0f62293a0aed690d122da3fc6314e21b0907a814d34395f993631
- Size
  
  8.3MB
- MD5
  
  13af076ceafd35bc6904c201accb79a5
- SHA1
  
  a1f162b33beb3c8f4354f1aef3151445ad7f34e2
- SHA256
  
  70dd8bc2bba0f62293a0aed690d122da3fc6314e21b0907a814d34395f993631
- SHA512
  
  d4caf8ce56fb06259f93012a3a340db87f3a63e5e882450444f52b26d58feca4f56df9e0ab9063057f5cce512a03c1d9ea3a5058dbb3d9f8642478d7b027407a
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2