24a1e8f1024a2a6a5a6b648f98f0eb270dd90ae4854aa2954a6e38d5bf4adbba | Triage

Sharing

General

Target

L_0SpooferXX.exe
Size

17.8MB
Sample

230205-ebphtabd6z
MD5

80ae1538ef6d102fe84a6218b239a0c9
SHA1

cda6dc7994c0ed71e7688ed8a5608c266543d636
SHA256

24a1e8f1024a2a6a5a6b648f98f0eb270dd90ae4854aa2954a6e38d5bf4adbba
SHA512

86149af84ef1ae31fcb72ded4bddd95541be1741284a1980259590ede2f111550e35e2aae29cdc49d82ef25cffad3fba25734a761785c1f2b1db060c3bb58cff
SSDEEP

393216:Mu7L/dWBb+4hQenSyY+k4tOJCEDd/m3pCZkVRiEFT7b5e5m:MCL0N+4XY4tuCEDdKCZkVRiS7c0

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  L_0SpooferXX.exe
- Size
  
  17.8MB
- MD5
  
  80ae1538ef6d102fe84a6218b239a0c9
- SHA1
  
  cda6dc7994c0ed71e7688ed8a5608c266543d636
- SHA256
  
  24a1e8f1024a2a6a5a6b648f98f0eb270dd90ae4854aa2954a6e38d5bf4adbba
- SHA512
  
  86149af84ef1ae31fcb72ded4bddd95541be1741284a1980259590ede2f111550e35e2aae29cdc49d82ef25cffad3fba25734a761785c1f2b1db060c3bb58cff
- SSDEEP
  
  393216:Mu7L/dWBb+4hQenSyY+k4tOJCEDd/m3pCZkVRiEFT7b5e5m:MCL0N+4XY4tuCEDdKCZkVRiS7c0
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2