c095c727ba44be2fd4d841a673651ef56743fbf72def1437edb4459b5910d249 | Triage

Resubmissions

01/03/2023, 02:07

230301-ckheradg6t 7

01/03/2023, 02:01

230301-cftl8adg5t 7

01/03/2023, 01:59

230301-celvzseb46 7

01/03/2023, 01:56

230301-cc4b9adg4v 7

Sharing

General

Target

Oracle.exe
Size

18.3MB
Sample

230301-celvzseb46
MD5

c36b7ee91e745671e55f4b49ce2d4492
SHA1

9006d58e63fd703cea268731b42edbe1d090394e
SHA256

c095c727ba44be2fd4d841a673651ef56743fbf72def1437edb4459b5910d249
SHA512

bb98e6f4be3a89a237f3a078c3e5fd01e1edd21b85abcd681282f6b9b9adb9ddefe23ba244ce580eaafa1d51e7bd531d0709539f79df1275c9560f0f561aa3ff
SSDEEP

393216:3u7L/qu29QDD5dQuslN/m3pDl9AJ4ZoWOv+9fPV4aD5GsNWLn5Q:3CLSDudQu4KRS4ZorvS3p5GSWD5Q

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Oracle.exe
- Size
  
  18.3MB
- MD5
  
  c36b7ee91e745671e55f4b49ce2d4492
- SHA1
  
  9006d58e63fd703cea268731b42edbe1d090394e
- SHA256
  
  c095c727ba44be2fd4d841a673651ef56743fbf72def1437edb4459b5910d249
- SHA512
  
  bb98e6f4be3a89a237f3a078c3e5fd01e1edd21b85abcd681282f6b9b9adb9ddefe23ba244ce580eaafa1d51e7bd531d0709539f79df1275c9560f0f561aa3ff
- SSDEEP
  
  393216:3u7L/qu29QDD5dQuslN/m3pDl9AJ4ZoWOv+9fPV4aD5GsNWLn5Q:3CLSDudQu4KRS4ZorvS3p5GSWD5Q
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1