88b00237290fc4b50126609c353a4e002e6fefddc15ba048d0f5ee585d16a974 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

GlitchrollV2_UPDATED.rar
Size

9.4MB
Sample

231007-nrn2nadg83
MD5

0310e13b1a1217d5c0ea2969dcc06f3d
SHA1

deccd2307fbaa334b4ebfacdaeec2e0ef7e823df
SHA256

88b00237290fc4b50126609c353a4e002e6fefddc15ba048d0f5ee585d16a974
SHA512

7917e4f1456a7c094732df0596194a8e933a546526053705d862b00843c8a905218b1051540704783aaf7665b3ff3f2a1220cff520d97c97693db373ad8d51bc
SSDEEP

196608:5F8YboF8qvsftlr5B1yhAADPIbFOyIUp4dXGUl:4980slKhAADCBDMXGUl

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Glitchroll V2/Glitchroll V2.exe
- Size
  
  9.6MB
- MD5
  
  3b43f8c06374f713c0a70a40aecde8be
- SHA1
  
  85bb3c4788f6c8430ade45c24a5d752079cd87e8
- SHA256
  
  a6c4bfbdba32fb8e2612c48430955a0da3e3cebcbaa31a9c58c1f41a54a2a5ef
- SHA512
  
  04c05fce1f974f2546b0e1552b586970bdd72a2b9cafaccfc991cbc32b753d16c333ea76497b82e3a7fb6be284752dc908363179c07f793819c6d30a0e84e257
- SSDEEP
  
  196608:Vp+hUICteEroXxqENE+sKsXXgN/1q3+dgSKkzL0W8/Laz2Niix5wDNPK:LInEroXjsKkXgHq3+d9/kW8S2ZUNy
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2