168b81b87040ddd038ec03973a0e0fab161beaca313bb441e09e837f46779ae8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PAP46E1UkZ.exe
Size

17.1MB
Sample

230720-tzl5xshe27
MD5

8e2e8c66fe7bb55ed906ca583e395f64
SHA1

296df84e05ad2dc2cfaa297cbbd1d2480907d22c
SHA256

168b81b87040ddd038ec03973a0e0fab161beaca313bb441e09e837f46779ae8
SHA512

f98899a35ae39e75c212c658e6c03f78c4a7578287992e97b1a804fc375e9d320b0d43a81b12dfb1d9d24653c04645585a84afc5618d51cecac65f13fb178fdb
SSDEEP

393216:fou7L/WwAyXYPh8TInEroX/lh2plfEqirRRovon2P4j75DBrOSa:wCL+TyXYErUNQppwvMo29

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  PAP46E1UkZ.exe
- Size
  
  17.1MB
- MD5
  
  8e2e8c66fe7bb55ed906ca583e395f64
- SHA1
  
  296df84e05ad2dc2cfaa297cbbd1d2480907d22c
- SHA256
  
  168b81b87040ddd038ec03973a0e0fab161beaca313bb441e09e837f46779ae8
- SHA512
  
  f98899a35ae39e75c212c658e6c03f78c4a7578287992e97b1a804fc375e9d320b0d43a81b12dfb1d9d24653c04645585a84afc5618d51cecac65f13fb178fdb
- SSDEEP
  
  393216:fou7L/WwAyXYPh8TInEroX/lh2plfEqirRRovon2P4j75DBrOSa:wCL+TyXYErUNQppwvMo29
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2
- Target
  
  WindowsTools.pyc
- Size
  
  29KB
- MD5
  
  28a3873744a95672cb35819b19230b7d
- SHA1
  
  ef9da8b666c937b3c423327442bfbe22e635262a
- SHA256
  
  259accc42345420598ad403d0ae9fc78e43a61c37feec9e89caee29af9af4217
- SHA512
  
  b3b7e26cb07237925297b2d99edcf1ad4fd2adaeee7b3a29360b0c8d1619b4320229a7f36045dd6ebbe959dacbd0e91e0cd3cd3bc711a75d3f098616812ddbd5
- SSDEEP
  
  384:JJ0GcqO+B0U2zQuv9W7nsi3Ke69XlUoqBSji9sfrWxHh1TXB57gNxAsKs8X5jJCx:Ef+iUeUsivKWeiyK9L7MWJsI1tHvOxt5
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4