0694e3fb51d1dca937bf9a823f450ea17df5b7795e91523c140a1473e45ae060 | Triage

Sharing

General

Target

bd24dd49fea9f5f87e1a4e94e1eb7d5e.bin
Size

68.7MB
Sample

231226-cp76zafhfk
MD5

bd24dd49fea9f5f87e1a4e94e1eb7d5e
SHA1

4c4eb33b2c73cd54aa8535b389053e726cdece09
SHA256

0694e3fb51d1dca937bf9a823f450ea17df5b7795e91523c140a1473e45ae060
SHA512

3755794b5517857e6c5764aaacf6ba22f8c2e4c2d3d2d34e2f68bd222e984f90f4774940cbe0c32ed5aff3c9fde29c1dd5dab944396b0f3cec65772bdfc53ff3
SSDEEP

1572864:4BJwY2Us98kgTd4Z2JTCGaeZ0YYzbAHWgjQ5luMwvdOpYs9O/:i2Ua8Vd4Z2NCG/NBxFRvdOpYuO/

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  B4LLER.exe
- Size
  
  69.2MB
- MD5
  
  f23cb0d5adaacd859d094671ee730696
- SHA1
  
  f3591463bc4a1466342256c569c51cca7f551c1e
- SHA256
  
  f2b3acf743652a70763fbb3cef07ef6d3b44d44bf3e5a4836df73b9609f82a4a
- SHA512
  
  55b668d27c9ccc8f875bd6f6be0d3b371fc286e24fd08405801a186b3214cef20ddaeeebbf34238287ef5588b65adcf738dd6ed3f2fe5c85cfad9c537234d1c7
- SSDEEP
  
  1572864:Hnfr2pBiS1ril7h9rW1LrKiqm2T17nD0ClE71QOI+ksJ:wiSBM7h9QLfqmY1DuI+ksJ
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2