Overview

overview

7

Static

static

3

ipstealer.exe

windows7-x64

7

ipstealer.exe

windows10-2004-x64

7

Sharing

Copy URL Twitter E-mail

General

  • Target

    ipstealer.exe

  • Size

    8.3MB

  • Sample

    231223-xyk31sgea6

  • MD5

    728dc8aea895ebf6c237f4ef6a01b716

  • SHA1

    0f8abb81b089a392ac5e9782ff92980f14eb5e71

  • SHA256

    88ac4586a3dd2af385bf891f613fb2d988e61f8e7abf7dcd112e69bbc24d57c8

  • SHA512

    dde4466010931ce1257f7bf6a8a527a1bdb58a6cb13c3f84f8e3f89f07a185dff07c3620da1111cf87465cfd89fec8729e49d66b5ab10198134714a7c25bec38

  • SSDEEP

    196608:z0uFh7Tn61W903eV4QRBtpDjIIAcwD0RPIvvk9LIiQ:fh7TnwW+eGQRL9jo0Jk

Score
7/10
pyinstaller

Malware Config

Targets

    • Target

      ipstealer.exe

    • Size

      8.3MB

    • MD5

      728dc8aea895ebf6c237f4ef6a01b716

    • SHA1

      0f8abb81b089a392ac5e9782ff92980f14eb5e71

    • SHA256

      88ac4586a3dd2af385bf891f613fb2d988e61f8e7abf7dcd112e69bbc24d57c8

    • SHA512

      dde4466010931ce1257f7bf6a8a527a1bdb58a6cb13c3f84f8e3f89f07a185dff07c3620da1111cf87465cfd89fec8729e49d66b5ab10198134714a7c25bec38

    • SSDEEP

      196608:z0uFh7Tn61W903eV4QRBtpDjIIAcwD0RPIvvk9LIiQ:fh7TnwW+eGQRL9jo0Jk

    Score
    7/10

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks