066e99be207deaf411a2d60ca7749c332b6c10ffb00e07e7aba43398813134bb

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 17:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2f6b3ab60522e613d34e2c8c93101c4c.exe
Size

6.6MB
MD5

2f6b3ab60522e613d34e2c8c93101c4c
SHA1

c4b07f3eb322d8967bbd22079e919302c183e187
SHA256

066e99be207deaf411a2d60ca7749c332b6c10ffb00e07e7aba43398813134bb
SHA512

cde4db32815d70c5edd47cc6dee3d5b7f1e714f13d563240a3b4e2a98e0698491dbe20ddd21c5fe8deef15544fa3aa91ccad8ae1c9da2ed78e58ff3fed577d9b
SSDEEP

196608:bx3PmCsXDjDyf/L2WliXYrHW1L0zFK27NAEIQ:pPmCEDKL2ciIrHWROK27S

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 13 IoCs

pid	Process
3924	2f6b3ab60522e613d34e2c8c93101c4c.exe
3924	2f6b3ab60522e613d34e2c8c93101c4c.exe
3924	2f6b3ab60522e613d34e2c8c93101c4c.exe
3924	2f6b3ab60522e613d34e2c8c93101c4c.exe
3924	2f6b3ab60522e613d34e2c8c93101c4c.exe
3924	2f6b3ab60522e613d34e2c8c93101c4c.exe
3924	2f6b3ab60522e613d34e2c8c93101c4c.exe
3924	2f6b3ab60522e613d34e2c8c93101c4c.exe
3924	2f6b3ab60522e613d34e2c8c93101c4c.exe
3924	2f6b3ab60522e613d34e2c8c93101c4c.exe
3924	2f6b3ab60522e613d34e2c8c93101c4c.exe
3924	2f6b3ab60522e613d34e2c8c93101c4c.exe
3924	2f6b3ab60522e613d34e2c8c93101c4c.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
7	api.ipify.org
9	api.ipify.org

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 3508 wrote to memory of 3924	3508	2f6b3ab60522e613d34e2c8c93101c4c.exe	21
PID 3508 wrote to memory of 3924	3508	2f6b3ab60522e613d34e2c8c93101c4c.exe	21

C:\Users\Admin\AppData\Local\Temp\2f6b3ab60522e613d34e2c8c93101c4c.exe
"C:\Users\Admin\AppData\Local\Temp\2f6b3ab60522e613d34e2c8c93101c4c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3508
- C:\Users\Admin\AppData\Local\Temp\2f6b3ab60522e613d34e2c8c93101c4c.exe
  "C:\Users\Admin\AppData\Local\Temp\2f6b3ab60522e613d34e2c8c93101c4c.exe"
  2⤵
  - Loads dropped DLL
  PID:3924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI35082\VCRUNTIME140.dll

Filesize
1KB

MD5
32b6e44a27a5ae8c580d8226ea9e6f8e

SHA1
0b3e71aaf8057408e58090d6b535d354cb820486

SHA256
20cc5c669771d19618682c469d8bf9e601a12f477ee2e08dec3a191248a9f516

SHA512
44f5586b2778d053e056aec11a2ac44aee166f32949e67fd864195574b4fa8499412ef3ad27be2aec36c582c3111fe86209c90bbbfd2114a52612cf0bc38d11f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\VCRUNTIME140.dll

Filesize
38KB

MD5
d9ea6b0ab4119b90eb8cbbdbb07eee1e

SHA1
1f633c336fc1711661c1b40d8eccf7dc7a0ac110

SHA256
7ab3470789f1e14988b3d3e10d615f77aecc9d2a08ec47120e9b1aa7a6eb3527

SHA512
56b0859f21d09e331b87157d06b47df46322cf161a377cd858b483b84e0a4342bdea0540da5e70fc204796968792369336ad7bf7b49b1402adcd5196efea176d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_bz2.pyd

Filesize
10KB

MD5
e1af2129b22b2e12de991ef2e3e4d155

SHA1
abcd2755f4ee9fb0fc5a7ee67efe9a1355c14c6c

SHA256
c4c0d428ea0d81f8562d42d97fa012a857f9e1fe748769c48c1bb1e83599e0b9

SHA512
8334b9baf8b170d1e63826f701c5d3b4ca8f85ebfb43e46249ff4f3ffeb2c73acaca778bee524f27b50560741ada95eb1fa68c9da558ea0263847d8bd6254622

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_ctypes.pyd

Filesize
54KB

MD5
c04e97cd9f7bb9e4b449a323e920904a

SHA1
d8830461c8d4d40ae485cd8fa36a3eeff41365cd

SHA256
4f5a0789563dbbc380f4ca90bf634cd1933aa5db7a52c84f1a5138924348849a

SHA512
64258df50f73cfd0bc82080d0fa39373392a180f1cb15328fa724192620a904653165f0ef66e2d1ddd77d095102869e62bea2b1c2bbccca3b63c5fec844e6b1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_ctypes.pyd

Filesize
71KB

MD5
7d4be3d738c47fc2a2f7203db250d4e7

SHA1
d0e0a233bcfde31c7f79260059374c1c897fd8fc

SHA256
727294475d7ae31f45f5be0faf45994b7efe8ceb280b2372fa8dcae1a5f2e02f

SHA512
0ddbf38f1abd14749ff745c6334a8b46c259ddef9c3809a0c5735bbd9ec8d43f2ec53dd11f7ef970f996a0a1f29d38b495fdf812454de64e1a4060ba3fa40a92

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_hashlib.pyd

Filesize
57KB

MD5
49e3b207b7f942dca5cee0565493d084

SHA1
ec038813a2935de346b8fbb07ddc556bc06e8617

SHA256
546fd1d8b01b68db43e468016275d6df58bca308d5ffcfe7d1f7c24b086fa22f

SHA512
51fe1a636c74c28465986a4ee2c0cadf5c6bb9158f8acb24d0077d8193dcd40b29fe1b29d583921a4a2c245a18ac272c03baaddda75013e75d56b80153c641ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_hashlib.pyd

Filesize
22KB

MD5
c55e6a22828dd1b28777fa4794c52fae

SHA1
0f87b67badc25ad8ee8a8798a2517ccf3a3795c8

SHA256
b994eb9f06cc79f42ba1709934833f9d7b6f7537619ac1627d394d5fdd649855

SHA512
8ec0bf11a24b58c1089a9972a58694c59d94d8a43673c8d28e9274fcbf72b99f852c4d4b22a4135fff5084e277ce92dea509db5a4d530079cc4604741e035689

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_lzma.pyd

Filesize
11KB

MD5
e796f2bd8c300f23d298ef78717d49fd

SHA1
25435b2bc23f7141dab1aa3342c5dc4a65711e28

SHA256
b1d6b419f00deffa53d04e6a9e44967867ea929d5f5fc7a4507b5a157c14808b

SHA512
77684098edeb395162c6a58adcc31f19501d881812e67e6544bec8193ca927a92fe9f4879b2a0a881cf86b68063ac63c2b25ce66669c74acb2030b0ebbdfe3f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_socket.pyd

Filesize
5KB

MD5
eb204a079afcc34f5bac83e71a93b6a2

SHA1
7681cce026440f306220dad64289c314866f5bde

SHA256
1c37799f23bb7a4191c1855a66c7e53b0fbde18bf1124f44927c7519182a1182

SHA512
dcca53a7e8e8ae8b83def7167f8af15f2a915695869241c931fba96fe13aea2eb1371d6a83a859b7590ef802903a0d44323fa4144314abf366f2719e3908eccb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_socket.pyd

Filesize
18KB

MD5
6c4861995b1051952397578fb16b951e

SHA1
11b1d33f1366e4b8a958190ad5570acc671d4c39

SHA256
43d8538437e65bb37fb7e6efc1f6638c895768f49a824a8b2fff428f1142b2e3

SHA512
7aa515330dd74ea8839a99cddb718adf2d6cc1b7ea726ae1313f31f0e60c2291e84621cbda6f5b4ec70b1e0347a6952adfc54be63960b276f93054ab7991dd5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_ssl.pyd

Filesize
1KB

MD5
ee14a8591ef3581aaccbfcc0d61be9ec

SHA1
418bc214801a45d3a098ccc630d5b9e81025e920

SHA256
fefd72ff98afff26d23739822d6ac8270219f9e48159670115b507129ae5e7f9

SHA512
0625c3b6f94d008631579a43cb0b8d39f63909f65b48b4e1582ee8d17f73b3010628bcabce12b6912876aedd2f85645daa164966ace974055f7ff362b863337e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\_ssl.pyd

Filesize
5KB

MD5
c76c7f6baeeaa23823b578c8bd86e4b0

SHA1
8afca9a40cfee7e7c9cd07e40fc4c3c0c041f9d3

SHA256
1f8d69b6bbc09d726018bb96cd84a4abd93e23faf25018e61e2e54f86d04348e

SHA512
0104dffcdfcc4600d585296e08dd8591702fece085b5acaa4df97ab530a43e37a77fca7e92fd45cdc7d81e60f81a23e1e54565fd18b1590a54a654f5c290a83c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\base_library.zip

Filesize
69KB

MD5
74403ad0b4ad94856cfacb69d39cec0b

SHA1
6ddfaecb992b733fefc936f2ff9bfde168c896ec

SHA256
746c5ae6dbe023e16aa051184aa19864b2e8c14762324d5138a196884fd311e6

SHA512
386e82a7a433eb095f2ff7cf7aece69fb2e4caafa71117c172e38fb723db5448f673751218bdf60760e0e2342d4576e6edcbb5015563bb2e41e3ce768fbe90d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libcrypto-1_1.dll

Filesize
1KB

MD5
24511375526682521630ab40b509aaef

SHA1
254b3f7f3252480dee0431f631a9fe8d6fbc410d

SHA256
2e06acb44a853140c783734ec26dc88e886be0dd48c832b9e27faf3c21341cbf

SHA512
990e611e98ddef1ffed7bea74fdd5f14dbed663acc1d11f0d2c45a7262c22c4206e2f4cdd8f20bbdd1807d5a1de192d99590a6875d5a1a91511c8b2b9e8050fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libcrypto-1_1.dll

Filesize
52KB

MD5
72ad670a2afa33e5f4dcd93c25f16ba4

SHA1
ead865a52549ca133784848e67eef0f785c60420

SHA256
f4763c6140ef46c3aa5b3c8d22af3f8e10ea0fc4e3186a493d7b214cfbb2e52e

SHA512
cc45b8122c01ad73d62fcf6992873816654fa9e090dde1e202bf17cb3043c63567a7169e74b5484ad84968c83a51e71adc5e7a1b8bf4517a00a7a2a58dfbf317

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libffi-7.dll

Filesize
5KB

MD5
cf158f69c90cb6aa1363b7c128f71eb7

SHA1
c491aab20c66522d2b2904c72e173b559d41d618

SHA256
d59d6def534134d580bbc52b1a9061c8aa6964cf53d1cc07ad1158b2559a59e5

SHA512
355e39f38027dd3803ee1cc503a0afbea2d9e34263a44a3a6c6df13a23b3036db63de56a12f1a96ba6c335cefd525f64576e6d308608cfda805d0a5b7aca2a86

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libssl-1_1.dll

Filesize
14KB

MD5
5f7aa8defd8cbccaa9dcd8fbf2adb242

SHA1
0f96efb30097aa843f0cdba1f4a33d84d3526339

SHA256
d53d20dae520a7a028dd840a17735537fea88a3a65a1d4f0772ac895c5dea7bd

SHA512
28045fd7d8362d25f524bd2c5abbde0befac2adaa0606412713db2f5f93fa581306cf5cf9e03a4b2f44f823ae2fec1ea0ce59eba7806c18feb57e7e7baddd839

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\libssl-1_1.dll

Filesize
48KB

MD5
9541d19ae0839db3a822f5369c8aea5b

SHA1
0999b9ef4f23afab9f107eff89048e1224d9d5a8

SHA256
f7194207fa94e753925a23bb5801a0f62f5e9163688f85f6dabac96d447b9d11

SHA512
74fba857d6b434af66a303259dd1298f598dc7c072eb48d60eb7f3cc42a2a9e2f63d7b0e30f147bd739776f95f82bc660c94edf152cd3c824d538af4a76208a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\python39.dll

Filesize
54KB

MD5
2a6ca7bc85585f39ac6a5a8c4fe44be7

SHA1
446df728c52f1b4deb59334b129118770024cf88

SHA256
f4e672c0b91c1f495a8a1e3f807c9ff413cb3ed12ab2fd5f191f500a3940d551

SHA512
0bad0480d83e0d7a5844fe81828087578adb62aafc07f1987aa3171dcc29cb36d80848808641763ed2c5a1fab6cf464951df3b6b3777a1571164b9eca0ed0628

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\select.pyd

Filesize
28KB

MD5
fed3dae56f7c9ea35d2e896fede29581

SHA1
ae5b2ef114138c4d8a6479d6441967c170c5aa23

SHA256
d56542143775d02c70ad713ac36f295d473329ef3ad7a2999811d12151512931

SHA512
3128c57724b0609cfcaca430568d79b0e6abd13e5bba25295493191532dba24af062d4e0340d0ed68a885c24fbbf36b7a3d650add2f47f7c2364eab6a0b5faff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\select.pyd

Filesize
14KB

MD5
3b3199479bf46768ffa33dd1da27ee46

SHA1
48c2e1b77a62da48bf6e12f70f86544a166b64eb

SHA256
21e4b20c52b64e32c59587658d1218130e7ed53d118a28bf33a8a6dfce7a8a63

SHA512
fc7afa5cb4f6189af7e3d339bda47f1c72b48c50f65cc352145733a8dd04f44907774726200823a3dadca5fdf167854de5c376403375d21eba2c3c6bf545a697

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\unicodedata.pyd

Filesize
4KB

MD5
adaaa44217efc3db428e77dfcf6a9fcf

SHA1
8a175ec23d165747778560ed4e40305c67bcd7da

SHA256
5f272292d90262b84b3c3f3a935d91de0f94f115adbfecf02b61db2f45666757

SHA512
5b7aab18d5d2b6bbf79a9dd6b283c7a44e6d5d4a6635475a75289864eaa26005550055cf87a085163bbdd253549c031a60f7c3b7b13fcac982ac31081cf8c288

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35082\unicodedata.pyd

Filesize
1KB

MD5
1d0c29ce0d9f0c769a8d4517d841a838

SHA1
eff4e8bcd08d613aaf0b3f18cd24b8ca22bc0f46

SHA256
59b82a84c6b31b6b58042849038e3c57c8a9ce0650f04f097686589f055e0d94

SHA512
3c876a0359f4a639be07641608cc93b4266675164ebabfe7b2fe9dadcd428fba8377012708cdf25378a077ee67d18597f3c54fb43d742db3997d3993265ebe5f

Download Submit