348f2713fba8f0543600bf38c8427eb9996769654987516e3f0202f7bcf17228 | Triage

Sharing

General

Target

fe0b343a0878063351e884f5b3fb109a.bin
Size

13.1MB
Sample

230412-fqladaaa72
MD5

fe0b343a0878063351e884f5b3fb109a
SHA1

4c2253eefc6891e4c96b62449ae7b9986940509b
SHA256

348f2713fba8f0543600bf38c8427eb9996769654987516e3f0202f7bcf17228
SHA512

b4ef983af798b47004ee805bfe4e6ae2b271e65bbc35c08d5d663d73b127faf4beff18f959c8e8f9e876bcfd2c31309e952af189c5c78f731966bd9dfbc052a7
SSDEEP

196608:KrIv64tgaYYZiOMPJODKzHTe4xEOUETUK1iaXawMkF1L6zbd94GaIXPJpxG0QLES:mIiyRhZiwkHTjxHzTUPUa3zBpLhbGqS

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  fe0b343a0878063351e884f5b3fb109a.bin
- Size
  
  13.1MB
- MD5
  
  fe0b343a0878063351e884f5b3fb109a
- SHA1
  
  4c2253eefc6891e4c96b62449ae7b9986940509b
- SHA256
  
  348f2713fba8f0543600bf38c8427eb9996769654987516e3f0202f7bcf17228
- SHA512
  
  b4ef983af798b47004ee805bfe4e6ae2b271e65bbc35c08d5d663d73b127faf4beff18f959c8e8f9e876bcfd2c31309e952af189c5c78f731966bd9dfbc052a7
- SSDEEP
  
  196608:KrIv64tgaYYZiOMPJODKzHTe4xEOUETUK1iaXawMkF1L6zbd94GaIXPJpxG0QLES:mIiyRhZiwkHTjxHzTUPUa3zBpLhbGqS
Score

7^/10

spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2