1bb662d598172326e5ddd54f879bae3a6fea58742af0f44bd3934003da625384 | Triage

Resubmissions

05-10-2023 14:00

231005-raznlsdd59 4

30-09-2023 17:52

230930-wf1kbaga24 7

30-09-2023 17:50

230930-went5aee6t 7

30-09-2023 17:07

230930-vmytmaeb71 3

Sharing

General

Target

loader.bin.exe
Size

5.7MB
Sample

230930-went5aee6t
MD5

fd2d84bee10bbccb7b590e1025752873
SHA1

c0fbb34903a19dcf4591ba7f88c3995d183fefe8
SHA256

1bb662d598172326e5ddd54f879bae3a6fea58742af0f44bd3934003da625384
SHA512

87ed02ad109845b34f8f70237a2e3a51f607dac89e795f1c3b5fad019630c2a2756c2be51c7f25e04c2d4246b68803ef2b43c002155a3d660a2f66911c891add
SSDEEP

98304:3453W8vYIC+RgZkKIXfEIeYUAlLc3A6fv4i/NTJVLpxrOw1xitse3Jk9yfPDnmY:o53W83p5XfEI5WNn4QNtVLXrOw2TSsfS

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  loader.bin.exe
- Size
  
  5.7MB
- MD5
  
  fd2d84bee10bbccb7b590e1025752873
- SHA1
  
  c0fbb34903a19dcf4591ba7f88c3995d183fefe8
- SHA256
  
  1bb662d598172326e5ddd54f879bae3a6fea58742af0f44bd3934003da625384
- SHA512
  
  87ed02ad109845b34f8f70237a2e3a51f607dac89e795f1c3b5fad019630c2a2756c2be51c7f25e04c2d4246b68803ef2b43c002155a3d660a2f66911c891add
- SSDEEP
  
  98304:3453W8vYIC+RgZkKIXfEIeYUAlLc3A6fv4i/NTJVLpxrOw1xitse3Jk9yfPDnmY:o53W83p5XfEI5WNn4QNtVLXrOw2TSsfS
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1