Overview

overview

10

Static

static

10

typhon.exe

windows7-x64

10

typhon.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SIR0001138.7z

  • Size

    2.2MB

  • Sample

    230419-s8m8xabe63

  • MD5

    5307261fb71d0f4573c96c30cb96b662

  • SHA1

    bb6b371bdb35c7cf78e1f82269798a6f243a45c4

  • SHA256

    b942051bc7005005adb60a5dae192214608a85ce473506ccaae10c3d23f851bc

  • SHA512

    0833c88d47e46fc80e09430cf8cb7686c47e97835774cbeacf34e7cdad7cfdd7dede7f04df2706511a7f0f7e5675b1c54c4b265de72f909b64ee4f3da715d4c3

  • SSDEEP

    49152:Ya2Ggkb77+LXclbiBclGRc/TnJtHxGaB0cqvYdanlE6Vv2:J2GfWLMMBc0W/TJtHRfqLlNV+

Score
10/10
typhonspywarestealer

Malware Config

Targets

    • Target

      typhon.exe

    • Size

      2.3MB

    • MD5

      d1d84c844681fe3c672a713c1a3bf52c

    • SHA1

      099ec412993603c50ec87fd27c2315bd87b6fe7e

    • SHA256

      a12933ab47993f5b6d09bec935163c7f077576a8b7b8362e397fe4f1ce4e791c

    • SHA512

      3ee33d27c03f4b1e9977ea8b8905ec070cfc74adf4327dbb81923c2fa2df412d5f9d08b1d7e49c54ccf6333728a8e3c2ae278b79a214bb662854f8019dee25d0

    • SSDEEP

      49152:8UbowEOvygS7/1sHOqJ02nTPFdRPqxMai2TBmCs2Odw+W7SC:8Ucwti78OqJ7TPB2Tc2Ou

    Score
    10/10
    typhonstealerspyware

    • Detects Typhon stealer

      stealer

    • Typhon

      Typhon is a modular stealer written in C#.

      stealertyphon

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Looks up geolocation information via web service

      Uses a legitimate geolocation service to find the infected system's geolocation info.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks