5e6e280356b133cb774dde102e4ef8de680dc2766a9d911ec49d16c2420da0de | Triage

Sharing

General

Target

5e6e280356b133cb774dde102e4ef8de680dc2766a9d911ec49d16c2420da0de
Size

1.1MB
Sample

230821-eayp4aaf48
MD5

55811134bc7e95ff98bd61ee54d495aa
SHA1

873c478b6f2aaec3274e50d8586c5c860b063789
SHA256

5e6e280356b133cb774dde102e4ef8de680dc2766a9d911ec49d16c2420da0de
SHA512

9314bf33ab374351c69443c1d39d5a89ed7187679ff1c60d4f32d87569b58c2ad2ef43ac464f51f18228721146985e38e2f1beaa6687698763a02165a80314bb
SSDEEP

24576:2ICAj02HF+x014tBq233MVIsF9t0VJyIegIV8Za08fHPOu:2TA42Ec4tBp8VfSJyIedNHP9

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  5e6e280356b133cb774dde102e4ef8de680dc2766a9d911ec49d16c2420da0de
- Size
  
  1.1MB
- MD5
  
  55811134bc7e95ff98bd61ee54d495aa
- SHA1
  
  873c478b6f2aaec3274e50d8586c5c860b063789
- SHA256
  
  5e6e280356b133cb774dde102e4ef8de680dc2766a9d911ec49d16c2420da0de
- SHA512
  
  9314bf33ab374351c69443c1d39d5a89ed7187679ff1c60d4f32d87569b58c2ad2ef43ac464f51f18228721146985e38e2f1beaa6687698763a02165a80314bb
- SSDEEP
  
  24576:2ICAj02HF+x014tBq233MVIsF9t0VJyIegIV8Za08fHPOu:2TA42Ec4tBp8VfSJyIedNHP9
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2