f11e5330bd4b80aa1a8c670d4b1f478acec4577a6ed25d56285508d5ee515b8c | Triage

Sharing

General

Target

DevilsLoggerV2.rar
Size

18.2MB
Sample

221001-petl2shacq
MD5

a646c5ea8fc3d4c98da48a9dee601c0d
SHA1

93b2cdcae8f4b132ac3f50c209f147e27fdafd35
SHA256

f11e5330bd4b80aa1a8c670d4b1f478acec4577a6ed25d56285508d5ee515b8c
SHA512

0afebd64e5107fdc50e94c4ab93fa034ebed19ef98506dda4af128a69f4cb84fb7f0fdda934bb4d4b6aec2a37ce7b9d769f6db46113dbba5478c074bcb8fc658
SSDEEP

393216:EwX6SsjM389EI6GPKdm6u4QWzT3BCP4RT0CIHUvVsPy:5Tst6LgWJCP0T0CI0vmK

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  DevilsLoggerV2/DevilsLoggerV2.exe
- Size
  
  18.5MB
- MD5
  
  62d1ce3dbb3c3ad5c0e4479b6ebf117f
- SHA1
  
  4fa2f4f34e4e54a3f89769605bfd8f58f60daf97
- SHA256
  
  e7e3685d03687909f29f2b64cd93573356bd216526738d6331d7d1116986ce65
- SHA512
  
  d719584eb0e1188bd38aeab146461873b089e83b706779ad8b99953ce9d6f6451171cb45a4bbb7c0666b30d0ced406123e7b4e0c022a32a2653a12b5d69e49ac
- SSDEEP
  
  393216:0xdyJhooqHK8L2Vmd6ml/m3pqc/eO47G99M9BJHGR8J8WtQFgWDigBK:0zyJ+zHlyVmdXKquP+1mQ8QQFgWDigA
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2