68f5285dfe87afb365e7b62a999d517fe4122ccbe82571c059803409f9182679 | Triage

Sharing

General

Target

TradingView-x64.zip
Size

16.9MB
Sample

221217-a5secaag8v
MD5

951ce7a9b35edf359f86e8dc95088978
SHA1

447f863bf00a7a9859cec29743f6540bba93be02
SHA256

68f5285dfe87afb365e7b62a999d517fe4122ccbe82571c059803409f9182679
SHA512

5bfc08f6cfd8b87a59fb2a53614af173c52a36792ffcf97db2b94bda731a5eb4f8be58964e0716f6f6fa0b3973f303a65e03e6bdc614d846ae1b2813f2ee0ece
SSDEEP

393216:Buscg4NaECI4Uwmpe2rHrER224Av4KLRZw/Fc9YFYIFb:8cG62U4KLRoFc9YCub

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  TradingView-x64/TradingView Desktop.exe
- Size
  
  395KB
- MD5
  
  b91f1d5bf7dfcb98f34ff278ffbaa6fe
- SHA1
  
  3d8b75f608bc44c278bd9323fd1b3153d8775152
- SHA256
  
  2ec0754442f816dab7532fc89c9aa42452fa415b49fa0e7c601ec48877753f23
- SHA512
  
  6c058c2d4566b4aec5c6ddc5b8e30c47bc5be4242bf5e50890ea3a4a5b3e7efd8ff34a6dd542b3b7c932a2507574ab7866a415f1c20a1fc26ac15c73e22758a2
- SSDEEP
  
  12288:++S3+5jXRqTRxK7ilVyptwO5Rczcn7GI:+tK9AhCtw0g
Score

7^/10

spyware stealer
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2