94a30d208c66dd11a6e936a331c0b1dcbfa4888d1deb037252a82ebff6e1faa4 | Triage

Sharing

General

Target

fad268a88fda7bfea69d816e511a000291094086
Size

19.7MB
Sample

230103-bysxzace4t
MD5

697aab2d9a0f1c116de4592c7cd5e9ca
SHA1

fad268a88fda7bfea69d816e511a000291094086
SHA256

94a30d208c66dd11a6e936a331c0b1dcbfa4888d1deb037252a82ebff6e1faa4
SHA512

a12cb68fbf8da7bfc1d06b7db4f40e2191818cca762a347fdcc27b271cc72ba29feb84da3a36ed6af06a59cd587957a5415a73c9ebea931d9833e9b196919d0d
SSDEEP

393216:txd1obI/bdQuslA/m3pql96voWOv+9rxIqBJHNt5pSmJYxWRJO:tv1h/bdQurKyQvorvSr6gttjSmJFRJO

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  fad268a88fda7bfea69d816e511a000291094086
- Size
  
  19.7MB
- MD5
  
  697aab2d9a0f1c116de4592c7cd5e9ca
- SHA1
  
  fad268a88fda7bfea69d816e511a000291094086
- SHA256
  
  94a30d208c66dd11a6e936a331c0b1dcbfa4888d1deb037252a82ebff6e1faa4
- SHA512
  
  a12cb68fbf8da7bfc1d06b7db4f40e2191818cca762a347fdcc27b271cc72ba29feb84da3a36ed6af06a59cd587957a5415a73c9ebea931d9833e9b196919d0d
- SSDEEP
  
  393216:txd1obI/bdQuslA/m3pql96voWOv+9rxIqBJHNt5pSmJYxWRJO:tv1h/bdQurKyQvorvSr6gttjSmJFRJO
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2