51bd5aafec58cb43bcd92b7841f9c813d97d70ce4f48e7f9ab92deead3995774 | Triage

Sharing

General

Target

pureland.7z
Size

241KB
Sample

230304-tcrrwsdf5z
MD5

ad49556274c5f2c861a4540f2dfdf5c5
SHA1

b78164b9fa2b42e0aa7fb3cadc4ed482c7b805a0
SHA256

51bd5aafec58cb43bcd92b7841f9c813d97d70ce4f48e7f9ab92deead3995774
SHA512

12b69f87b79ad16e0f88751d84218d2041c067776a6bdc844c5412eb96006d9b4a2fd398ac88c9147bd187dc1e2c2509df599f97b348b85af43f2693b7484a1a
SSDEEP

6144:b3L/WIlYQ5S75RR82K2vbDrEzToE088s2PmJ:Z2ndRRYKnYF0rlmJ

Score

6^/10

spyware

Malware Config

Targets

- Target
  
  pureland.exe
- Size
  
  750.4MB
- MD5
  
  7020d63902b4bf556caad45ca4efa1e2
- SHA1
  
  c37bcae134c5f21a7e97cd268fd6445672c96326
- SHA256
  
  9a933803ea4b36580247cacb65f4c0065e3097cb1405bcd33d1f046f26eb887c
- SHA512
  
  4611b50d0a38d414292e04ce902e41a25a09402ffff3492da37d4aec8b674ee07a7a2dbef99976f4be569b7ed18a41b94941917a8d115ca6818d0b546e23ff11
- SSDEEP
  
  6144:KChvrHj9pTG6s0w8ReIvIs9TtaWFn6L1CsOM:JJTG6TiQtaWFne1Cs
Score

6^/10

spyware
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2