11851f314f63a02ea68bc06be2b4bfb2851d7cbf9f8df146e6601f21de85cc22 | Triage

Resubmissions

12-03-2023 21:30

230312-1cqcdshe51 7

12-03-2023 20:39

230312-zfmj8sfc67 7

12-03-2023 20:33

230312-zbyrpshd6s 7

Sharing

General

Target

11851f314f63a02ea68bc06be2b4bfb2851d7cbf9f8df146e6601f21de85cc22
Size

7.4MB
Sample

230312-1cqcdshe51
MD5

dfdf555d372b503216cc947de535222e
SHA1

c9e6aefcdcc1f8b7f4f63d10f3928ef4875a21b5
SHA256

11851f314f63a02ea68bc06be2b4bfb2851d7cbf9f8df146e6601f21de85cc22
SHA512

56f08d6eab59904ff274c05a35bb7365949493896c58fb8126469e111a60d6e930638189dfd0e61478f4acdec49247dfc15f32a07f5d9c9d3444c604dff6db68
SSDEEP

196608:0SjQNLXgR85soVm+pWl2rPnZJtQxqX/ujY:JUNLpsujpfD9QDM

Score

7^/10

persistence pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  11851f314f63a02ea68bc06be2b4bfb2851d7cbf9f8df146e6601f21de85cc22
- Size
  
  7.4MB
- MD5
  
  dfdf555d372b503216cc947de535222e
- SHA1
  
  c9e6aefcdcc1f8b7f4f63d10f3928ef4875a21b5
- SHA256
  
  11851f314f63a02ea68bc06be2b4bfb2851d7cbf9f8df146e6601f21de85cc22
- SHA512
  
  56f08d6eab59904ff274c05a35bb7365949493896c58fb8126469e111a60d6e930638189dfd0e61478f4acdec49247dfc15f32a07f5d9c9d3444c604dff6db68
- SSDEEP
  
  196608:0SjQNLXgR85soVm+pWl2rPnZJtQxqX/ujY:JUNLpsujpfD9QDM
Score

7^/10

persistence spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencespywarestealer