5c098f6a8575144b0e85f88e5508cf5f5c060d289c74acbd2a37e445073b88f1 | Triage

Sharing

General

Target

5c098f6a8575144b0e85f88e5508cf5f5c060d289c74acbd2a37e445073b88f1
Size

6.8MB
Sample

231114-xt7ffsfh3x
MD5

3893bc8e586484a6221c13451a00405e
SHA1

3a5626481b081b20bb333d1669c0600f01384924
SHA256

5c098f6a8575144b0e85f88e5508cf5f5c060d289c74acbd2a37e445073b88f1
SHA512

fd20b7ac9519acf79f9d8eb370871dc7fb139b1552fc4077be5b707af80ed9f58ff302fdb10cc7a2be4de0d4a7075935cd2ba7d3b5a61b2c173e81d218e2665f
SSDEEP

98304:ojfp/RDz5KTDbdRGQSxUTZeNEiIK176uqtqDL8e+FUJkGRnc/YrBIyGe:eftRD4TDp4QeUpg176uqMDd+ERnc1

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  5c098f6a8575144b0e85f88e5508cf5f5c060d289c74acbd2a37e445073b88f1
- Size
  
  6.8MB
- MD5
  
  3893bc8e586484a6221c13451a00405e
- SHA1
  
  3a5626481b081b20bb333d1669c0600f01384924
- SHA256
  
  5c098f6a8575144b0e85f88e5508cf5f5c060d289c74acbd2a37e445073b88f1
- SHA512
  
  fd20b7ac9519acf79f9d8eb370871dc7fb139b1552fc4077be5b707af80ed9f58ff302fdb10cc7a2be4de0d4a7075935cd2ba7d3b5a61b2c173e81d218e2665f
- SSDEEP
  
  98304:ojfp/RDz5KTDbdRGQSxUTZeNEiIK176uqtqDL8e+FUJkGRnc/YrBIyGe:eftRD4TDp4QeUpg176uqMDd+ERnc1
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2