c6877979e940d0c215c9386e890906d8df6954b6c2727f88ef513954e806220d | Triage

Sharing

General

Target

fake_image_logger_builder.exe
Size

104.7MB
Sample

230204-rql3fsgh31
MD5

1db78bd42f4bcbfcf6e81ca207ecc76e
SHA1

20c3f95fa82364534e3a380c043f33b883f2b426
SHA256

c6877979e940d0c215c9386e890906d8df6954b6c2727f88ef513954e806220d
SHA512

f9ad7868d772d75d315563f3e5a0196114d818d6fc25ddf7e76fdb6107bb6fddd1bdc7cc9e89093620eb47eb1be06126f493552d09f54b7c9d958619ada86c20
SSDEEP

3145728:m3m9JDuBLaKJAamnCdL9mN4LL+w6U2ZFvn:m3auBjDmCt9mN4Wi2ZF

Score

10^/10

evasion persistence pyinstaller spyware stealer trojan

Malware Config

Targets

- Target
  
  fake_image_logger_builder.exe
- Size
  
  104.7MB
- MD5
  
  1db78bd42f4bcbfcf6e81ca207ecc76e
- SHA1
  
  20c3f95fa82364534e3a380c043f33b883f2b426
- SHA256
  
  c6877979e940d0c215c9386e890906d8df6954b6c2727f88ef513954e806220d
- SHA512
  
  f9ad7868d772d75d315563f3e5a0196114d818d6fc25ddf7e76fdb6107bb6fddd1bdc7cc9e89093620eb47eb1be06126f493552d09f54b7c9d958619ada86c20
- SSDEEP
  
  3145728:m3m9JDuBLaKJAamnCdL9mN4LL+w6U2ZFvn:m3auBjDmCt9mN4Wi2ZF
Score

10^/10

evasion persistence spyware stealer trojan
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Drops file in Drivers directory
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Hidden Files and Directories

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpersistencespywarestealertrojan