General

  • Target

    wylol.exe

  • Size

    17.0MB

  • Sample

    231210-glkcysdhd2

  • MD5

    15c3f5a0f8a4791d85e61529ddeaf1e6

  • SHA1

    3096123d37f3935956d7ae8062c370a68a70a8bb

  • SHA256

    faab5c64bdcd533bb2c0e8daa2982840d118152b8dd901265762e65b3cf3b346

  • SHA512

    85f738aa3003f7d7695d682330f79f01f1201d0d0d80ff8c6be626fe04ff5112fa4dbc01345221985f2e547717363d6390c4f0b82172416d83eec0492a928b4b

  • SSDEEP

    393216:PiIE7YoPQJYHi+2ohcyLbdQuslSl99oWOv+9fgM3RKiebh:k7rPQKHiRyc0bdQu9DorvSYMhob
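Before acting on this report, confirm that the file in hand is the same artefact the sandbox analysed. The script below is an added example, not part of the report or the sandbox's tooling: it streams a file once through MD5, SHA1, SHA256 and SHA512, compares each digest with the values listed above, and sanity-checks the size against the reported 17.0MB (accepting either a decimal or a 1024-based megabyte, since the report does not say which it uses). The function names and the `digest_bytes` helper are this example's own. SSDEEP is not in the standard library; with the `ssdeep` Python bindings installed, `ssdeep.hash_from_file(path)` and `ssdeep.compare(a, b)` give the fuzzy hash and a similarity score.

```python
import hashlib
import io
import sys

# Digests exactly as listed in the report for wylol.exe.
REPORTED = {
    "md5": "15c3f5a0f8a4791d85e61529ddeaf1e6",
    "sha1": "3096123d37f3935956d7ae8062c370a68a70a8bb",
    "sha256": "faab5c64bdcd533bb2c0e8daa2982840d118152b8dd901265762e65b3cf3b346",
    "sha512": "85f738aa3003f7d7695d682330f79f01f1201d0d0d80ff8c6be626fe04ff5112"
              "fa4dbc01345221985f2e547717363d6390c4f0b82172416d83eec0492a928b4b",
}
REPORTED_SIZE_MB = 17.0
ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(stream, chunk_size=1 << 20):
    """Read a binary stream once, feeding every chunk to all four hashers.

    Returns (byte_count, {algorithm: hex_digest}).
    """
    hashers = {name: hashlib.new(name) for name in ALGOS}
    size = 0
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path):
    with open(path, "rb") as f:
        return digest_stream(f)


def digest_bytes(data):
    # Convenience wrapper so in-memory samples can be checked the same way (example helper).
    return digest_stream(io.BytesIO(data))


def size_matches(size, reported_mb=REPORTED_SIZE_MB):
    """The report rounds to one decimal; accept either MB convention."""
    return (round(size / 1_000_000, 1) == reported_mb
            or round(size / (1 << 20), 1) == reported_mb)


def verify(size, digests, reported=REPORTED):
    """Per-algorithm match flags plus the size check; all must be True to trust the file."""
    result = {name: digests[name] == reported[name].lower() for name in reported}
    result["size"] = size_matches(size)
    return result


def all_match(result):
    return all(result.values())


if __name__ == "__main__":
    size, digests = digest_file(sys.argv[1])
    checks = verify(size, digests)
    for name, ok in checks.items():
        print(f"{name:7} {'OK' if ok else 'MISMATCH'}")
    sys.exit(0 if all_match(checks) else 1)
```

Run it as `python verify_sample.py wylol.exe`; a non-zero exit on any mismatch makes it safe to chain into a triage script. One matching digest is not enough on its own: MD5 and SHA1 collisions are practical, so require SHA256 (or all four) to agree before treating the file as the reported sample.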

Malware Config

Targets

    • Target

      wylol.exe

    Score
    7/10
    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens, and autofill entries.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
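The bullets above are the sandbox's behaviour signatures; when reviewing your own telemetry for this sample it helps to see how such signatures are derived from raw events. The script below is an added example, not the sandbox's detection logic or anything from this report: it walks a constructed, sandbox-style event list (the paths, hosts and file names are invented for illustration) and raises one indicator per bullet. The "Loads dropped DLL" rule needs correlation rather than pattern matching, so it only fires for a DLL the sample itself wrote earlier in the trace. The browser, wallet and lookup-service lists are this example's own assumptions about what each signature should cover.

```python
import re
from urllib.parse import urlparse

# Constructed per-process events shaped like a sandbox trace; not taken from the report.
SAMPLE_EVENTS = [
    {"op": "file_write", "path": r"C:\Users\victim\AppData\Local\Temp\tmp4242\helper.dll"},
    {"op": "dll_load",   "path": r"C:\Users\victim\AppData\Local\Temp\tmp4242\helper.dll"},
    {"op": "dll_load",   "path": r"C:\Windows\System32\kernel32.dll"},
    {"op": "file_write", "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wylol.lnk"},
    {"op": "file_read",  "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"op": "file_read",  "path": r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default-release\logins.json"},
    {"op": "file_read",  "path": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"op": "http_get",   "url": "https://api.ipify.org/?format=json"},
    {"op": "http_get",   "url": "https://cdn.discordapp.com/attachments/1/2/payload.bin"},
    {"op": "http_get",   "url": "https://www.microsoft.com/"},
]

# Hypothetical rule set named after the report's bullets: (operation, path regex).
PATH_RULES = {
    "drops_startup_file": ("file_write", re.compile(
        r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)),
    "reads_browser_data": ("file_read", re.compile(
        r"\\(Google\\Chrome\\User Data|Mozilla\\Firefox\\Profiles)\\.*\\"
        r"(Login Data|Cookies|Web Data|logins\.json|cookies\.sqlite|key4\.db)$", re.I)),
    "accesses_crypto_wallet": ("file_read", re.compile(
        r"\\(Exodus\\exodus\.wallet|Electrum\\wallets|Ethereum\\keystore|Bitcoin)\\", re.I)),
}
# Assumed host lists: public IP echo services, and hosting/CDN domains commonly abused for payload delivery.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "ip-api.com", "icanhazip.com", "checkip.amazonaws.com"}
HOSTING_ABUSE_HOSTS = {"cdn.discordapp.com", "pastebin.com", "raw.githubusercontent.com", "transfer.sh"}


def triage(events):
    """Return {indicator: [evidence, ...]} for every signature that fires on the trace."""
    hits = {}
    written = set()          # paths this process created, for the dropped-DLL correlation
    for ev in events:
        op = ev["op"]
        if op == "file_write":
            written.add(ev["path"].lower())
        if op == "dll_load" and ev["path"].lower() in written:
            hits.setdefault("loads_dropped_dll", []).append(ev["path"])
        for name, (want_op, rx) in PATH_RULES.items():
            if op == want_op and rx.search(ev["path"]):
                hits.setdefault(name, []).append(ev["path"])
        if op == "http_get":
            host = (urlparse(ev["url"]).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                hits.setdefault("ip_lookup_service", []).append(host)
            if host in HOSTING_ABUSE_HOSTS:
                hits.setdefault("legit_hosting_abuse", []).append(host)
    return hits


if __name__ == "__main__":
    for indicator, evidence in sorted(triage(SAMPLE_EVENTS).items()):
        print(f"{indicator}: {len(evidence)} event(s)")
        for item in evidence:
            print(f"    {item}")
```

Two things the example is careful about, and that a real rule set should be too: a DLL load from System32 is never "dropped", so the correlation against `written` keeps `kernel32.dll` out of the result; and the host lists are matched on the parsed hostname rather than by substring on the URL, so a lookalike such as `api.ipify.org.evil.example` does not count as a legitimate lookup service.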

MITRE ATT&CK Enterprise v15

Tasks