3132de2a879854bd5582577e1dd94d54fa8961e72912eb3dd1779a4c87a40ada | Triage

Sharing

General

Target

6a201e4db26a9622eb1c57643923ea93
Size

6.6MB
Sample

231222-fjnf6ahcc2
MD5

6a201e4db26a9622eb1c57643923ea93
SHA1

e6c2100b8b4fc9c1eff6abe13794b6d1f9a9193a
SHA256

3132de2a879854bd5582577e1dd94d54fa8961e72912eb3dd1779a4c87a40ada
SHA512

f9fa1cb043336bbcc8573c05b113a05900631c10a49f9603d60d02d0a801daee976b230ba51dc1c9f59492c0b626bd9be484f015dfdd84cd1dc7d17b8330b7c6
SSDEEP

196608:OMZx7QICteEroXxWVfEqlbkkwR7VTEJZFvNtRXk2tL:lQInEroXgfEqirRRoJZhNnXv

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  6a201e4db26a9622eb1c57643923ea93
- Size
  
  6.6MB
- MD5
  
  6a201e4db26a9622eb1c57643923ea93
- SHA1
  
  e6c2100b8b4fc9c1eff6abe13794b6d1f9a9193a
- SHA256
  
  3132de2a879854bd5582577e1dd94d54fa8961e72912eb3dd1779a4c87a40ada
- SHA512
  
  f9fa1cb043336bbcc8573c05b113a05900631c10a49f9603d60d02d0a801daee976b230ba51dc1c9f59492c0b626bd9be484f015dfdd84cd1dc7d17b8330b7c6
- SSDEEP
  
  196608:OMZx7QICteEroXxWVfEqlbkkwR7VTEJZFvNtRXk2tL:lQInEroXgfEqirRRoJZhNnXv
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2