General

  • Target

    Installer.exe

  • Size

    14.3MB

  • Sample

    231014-bfnkjagh9t

  • MD5

    ca70851e655b4100230a08bc3901b4ff

  • SHA1

    dad50bc34eb66b5f36aa339ae8fda51efe108389

  • SHA256

    ae18c9e7933f2805c2ed133f3d295eb9f0413b4d10e9140e2acd4d8be92ac72f

  • SHA512

    1a591c5c74297914e35420b8eec8d5abd86383215bef35b7defc776e5ec8fed86ee76aa5dbb669fc6e2c375318d0beef7c97cf79214c69f1bbf7638f900c7434

  • SSDEEP

    393216:ju7L/sQPndQuslSq9RoWOv+9fgxNg891awj:jCL0QPndQuSborvSY/gq0

Targets

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15
