Resubmissions

13/07/2023, 18:34

230713-w7snsaba2v 7

13/07/2023, 18:30

230713-w5ghqsaa75 7

General

  • Target: main (1).exe
  • Size: 16.7MB
  • Sample: 230713-w7snsaba2v
  • MD5: f58c583a010e8d889c5f7bcb42bc7ffe
  • SHA1: c737ea35a89ad6f8900b368a70060ea4edb4a4ab
  • SHA256: 1d442e14bccb4cc51ac381087f6a4dddf4767fc8c2c2694289071769895d1887
  • SHA512: 54df2aa3910b696dcc377a4cda5af9d9ab6bc6e8e86c34881ef17aaef5f623b559d150caf5aa0aaa81f0f5f4cd78cbe04f56085f7d4a9545fc78474810946d67
  • SSDEEP: 393216:Xu7L/AY2pwDfDYQ2lpfaMPg5RgsT8azd06dZr:XCLIY2ubUQ2Hf9Pg5esTpr

Malware Config

Targets

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v6

Tasks