9eb758edc7a192e4a4fcfe1eac1799c1e64408cc57809628f2ae8c2114ff8eb6 | Triage

Sharing

General

Target

9eb758edc7a192e4a4fcfe1eac1799c1e64408cc57809628f2ae8c2114ff8eb6
Size

1.7MB
Sample

230501-tltb3sdc81
MD5

c726a4eba148b17c9ccf3692fbc90701
SHA1

52d203ff30f7a23fdc4cb45caa2efa40324a43d9
SHA256

9eb758edc7a192e4a4fcfe1eac1799c1e64408cc57809628f2ae8c2114ff8eb6
SHA512

8499f446c1a7ae0f52f75e61073c916e2531f09b4cf7fc133c63b874d3c42a5cddc280f8b9b9d1be038c6bb789e763213c8d0a1e27add3796cb3a46523ea707e
SSDEEP

49152:rbwfYXOdg8BnGyKkv6dfaAHYgDJY2Zuqz1:rs7sf

Score

6^/10

spyware

Malware Config

Targets

- Target
  
  9eb758edc7a192e4a4fcfe1eac1799c1e64408cc57809628f2ae8c2114ff8eb6
- Size
  
  1.7MB
- MD5
  
  c726a4eba148b17c9ccf3692fbc90701
- SHA1
  
  52d203ff30f7a23fdc4cb45caa2efa40324a43d9
- SHA256
  
  9eb758edc7a192e4a4fcfe1eac1799c1e64408cc57809628f2ae8c2114ff8eb6
- SHA512
  
  8499f446c1a7ae0f52f75e61073c916e2531f09b4cf7fc133c63b874d3c42a5cddc280f8b9b9d1be038c6bb789e763213c8d0a1e27add3796cb3a46523ea707e
- SSDEEP
  
  49152:rbwfYXOdg8BnGyKkv6dfaAHYgDJY2Zuqz1:rs7sf
Score

6^/10

spyware
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1