3338f6f1fa639c5391d938069a452e8b606508fef114274af472ebfa6ba7c331 | Triage

Sharing

General

Target

output.exe
Size

74.2MB
Sample

230721-2afwlshe7y
MD5

2ea078fe799ba11616183518bb7f5b0c
SHA1

b26a7e9483dee5bfa09977104ae9c00549f1af38
SHA256

3338f6f1fa639c5391d938069a452e8b606508fef114274af472ebfa6ba7c331
SHA512

ecfae8e31a3fa4b62dc7b421909e3399cd24d618844eb9dc8b41260a809914713443bc4d4dd88a0657ae48edcc3e79c01fc6656883d452aa4903db7bf4abd961
SSDEEP

1572864:G1QtatodMkRCtQkTMT2Zr9yre77nD0C2Q0Q/KZYlct2uC9b21WvH5rTK:UrkkQkTyCAS/D1SQct2uC9b21wZrTK

Score

10^/10

evasion pyinstaller spyware stealer trojan

Malware Config

Targets

- Target
  
  output.exe
- Size
  
  74.2MB
- MD5
  
  2ea078fe799ba11616183518bb7f5b0c
- SHA1
  
  b26a7e9483dee5bfa09977104ae9c00549f1af38
- SHA256
  
  3338f6f1fa639c5391d938069a452e8b606508fef114274af472ebfa6ba7c331
- SHA512
  
  ecfae8e31a3fa4b62dc7b421909e3399cd24d618844eb9dc8b41260a809914713443bc4d4dd88a0657ae48edcc3e79c01fc6656883d452aa4903db7bf4abd961
- SSDEEP
  
  1572864:G1QtatodMkRCtQkTMT2Zr9yre77nD0C2Q0Q/KZYlct2uC9b21WvH5rTK:UrkkQkTyCAS/D1SQct2uC9b21wZrTK
Score

10^/10

evasion spyware stealer trojan
- UAC bypass
  evasion trojan
- Disables RegEdit via registry modification
  evasion
- Sets file to hidden
  Modifies file attributes to stop it showing in Explorer etc.
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

Bypass User Account Control

Defense Evasion

Abuse Elevation Control Mechanism

Bypass User Account Control

Hide Artifacts

Hidden Files and Directories

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionspywarestealertrojan