Overview

overview

10

Static

static

10

c358eeda04...12.exe

windows7-x64

7

c358eeda04...12.exe

windows10-2004-x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    58c1aa7d18894e2762d97f8f2997662d.bin

  • Size

    10.5MB

  • Sample

    231005-bydhaaga4y

  • MD5

    44c79351ce22329acbf3704f445237f9

  • SHA1

    4e9687583cb61365c37ab95b467abd38ddd5b458

  • SHA256

    fa79ce37d7ab725d5ebdc914064b9fd9fa5398f2a1fb6b7551a8f3f07ae8a423

  • SHA512

    a7e242196b9937b23059cc3b7674219254b5d258c09f4103eff7c6b4e7ebd5b9957d10950984bdab35aafbfc76360c4e89f9f1826ce1d4abc31d06681522130e

  • SSDEEP

    196608:BqX+kFo0603gvZI6dbYm1Z8C812gB8aW/I6wkJPIlzYiFFmu4oiVq:wunzxI6KiZ8Cbg6aW/I10P8tOucVq

Score
10/10
crealstealerpyinstallerspywarestealer

Malware Config

Targets

    • Target

      c358eeda046271b9301c0036ad706a3fdb8d38c7c87d9d50108aa2fa4e301512.exe

    • Size

      10.7MB

    • MD5

      58c1aa7d18894e2762d97f8f2997662d

    • SHA1

      07d9c181bb0e00b7fd2dfc3806941ff2a8daf4ac

    • SHA256

      c358eeda046271b9301c0036ad706a3fdb8d38c7c87d9d50108aa2fa4e301512

    • SHA512

      53200e4a4468fafa9dffbfdee8c96989305e4478e1062d4ae4b669f71744e7f937a526e6b1776e74c156dbe62ce74a55a39ee76d2738b7230f4aa616df8a51ea

    • SSDEEP

      196608:TAHiIE7SRpo8fy7IudQmRJ8dA6lSuqaycBIGpEKo6hTOv+QKfrOs6Telo49vLLj/:UiIE7YofDdQuslSq9foWOv+9frOna59j

    Score
    7/10
    spywarestealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks