2bcca57ec4a13d6eb8b4ef39929a5031720578fc26683637639eb1c2160cbec6 | Triage

Sharing

General

Target

FvzBAeFDuwBdp64U.exe
Size

30.9MB
Sample

220920-lg25esgbem
MD5

5542452ea869f36e244b4e36778402e1
SHA1

73428a883c9b9be7fa2232886518303930696cf0
SHA256

2bcca57ec4a13d6eb8b4ef39929a5031720578fc26683637639eb1c2160cbec6
SHA512

09d70f3b310f4573d6e46d6427bf35f3ec07a8e4781024114b7a3285d6e200887d7902c99b09fe3e963eaf807badf01fd2760e4e43f689b6ae239361364f4b0e
SSDEEP

786432:Z2faUkc9ErUHWeGrugO4PyQpFANWWCoMQA3oQ892FO:QfNkc9EC2T5yYuyvv3YU

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  FvzBAeFDuwBdp64U.exe
- Size
  
  30.9MB
- MD5
  
  5542452ea869f36e244b4e36778402e1
- SHA1
  
  73428a883c9b9be7fa2232886518303930696cf0
- SHA256
  
  2bcca57ec4a13d6eb8b4ef39929a5031720578fc26683637639eb1c2160cbec6
- SHA512
  
  09d70f3b310f4573d6e46d6427bf35f3ec07a8e4781024114b7a3285d6e200887d7902c99b09fe3e963eaf807badf01fd2760e4e43f689b6ae239361364f4b0e
- SSDEEP
  
  786432:Z2faUkc9ErUHWeGrugO4PyQpFANWWCoMQA3oQ892FO:QfNkc9EC2T5yYuyvv3YU
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1