35107c20adbba9bd02958a2ed0ec8ed1de8164c4ba2a82ea008cf31f4d063094 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PlanetsTherapy.rar
Size

62.0MB
Sample

231014-m7vnpsda8z
MD5

4288dc71ac40b5f088421c74a2e4fefd
SHA1

622b7fcbd0c6fe80727aa84894874a09ef33ac96
SHA256

35107c20adbba9bd02958a2ed0ec8ed1de8164c4ba2a82ea008cf31f4d063094
SHA512

35d55e713bd6bc1466da74d150eec553e49617dd45cac9685a2df74fd96e89cb1ee5a909325f38eae10be892b2214fc91220f1c303ed67b990128b24ddd0f157
SSDEEP

1572864:L2yrljbmCXO1L9PjNSai7yrkLDG/WVSmshgLYcOeGEH5:LdrljbFXO99P0J8W0LhgLHJdZ

Score

7^/10

spyware stealer

Malware Config

Targets

- Target
  
  PlanetsTherapy.exe
- Size
  
  62.2MB
- MD5
  
  cc05edd765b6542a3bd015fb52f189e4
- SHA1
  
  043ee655c3b60ab70044b12bfe84fba4b8a60bf1
- SHA256
  
  3e64a26df145340ba60bb75e4ceeb001dffce76e90db6caca79f649e965dc496
- SHA512
  
  b01bcf90f9632bce396ef2ba8321e76cc3f8ba050c6f56699f0882cc176759074f564ba4d05d87d401630728dc2b9c1b39f816a9f8ac8eca617d7be042f47b19
- SSDEEP
  
  1572864:Cm6g0cME6p8GAHhbC8EenoXdD36HduV5eJa:h6g0c9gAHxCLdDKwVMJa
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2