05b26d29f5ec0290a4502e88f231cf3467bfedc63cb2726eca766af282aa5faf | Triage

Sharing

General

Target

x.exe
Size

20.3MB
Sample

230104-pbhelsaf7w
MD5

e9294e7ae498486db2bebc19a418fc8e
SHA1

6d989535904fcaa0c73732d7bff4a07358d694de
SHA256

05b26d29f5ec0290a4502e88f231cf3467bfedc63cb2726eca766af282aa5faf
SHA512

fd625a0bec879726a460473af95a0588e95b50e69d98563dcdb0d80600e07b175d98ea49f2a374261c9e317c260e28ae7b8aa1e16d9449e12ea4fd04ee75c2b9
SSDEEP

393216:BxjOy2FmzuuZ5bdQuslA/m3pZwd4nqPMfnq3+d9T9BJH2GJPW8ftt3Daflab:B83FmzuS5dQuRKA4nq0qOd9T1WEPW8fb

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  x.exe
- Size
  
  20.3MB
- MD5
  
  e9294e7ae498486db2bebc19a418fc8e
- SHA1
  
  6d989535904fcaa0c73732d7bff4a07358d694de
- SHA256
  
  05b26d29f5ec0290a4502e88f231cf3467bfedc63cb2726eca766af282aa5faf
- SHA512
  
  fd625a0bec879726a460473af95a0588e95b50e69d98563dcdb0d80600e07b175d98ea49f2a374261c9e317c260e28ae7b8aa1e16d9449e12ea4fd04ee75c2b9
- SSDEEP
  
  393216:BxjOy2FmzuuZ5bdQuslA/m3pZwd4nqPMfnq3+d9T9BJH2GJPW8ftt3Daflab:B83FmzuS5dQuRKA4nq0qOd9T1WEPW8fb
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2