d12b74d12b2980fe3de16d6264fd35916f0bd9198bdfc5e6d81756cb47f826a3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

202c1a442f79d7c4f3fc255c2d7a42c0
Size

15.0MB
Sample

231230-3kshtsdhcm
MD5

202c1a442f79d7c4f3fc255c2d7a42c0
SHA1

cf42eb923461b82757f6a14a8d1154006fbe721b
SHA256

d12b74d12b2980fe3de16d6264fd35916f0bd9198bdfc5e6d81756cb47f826a3
SHA512

d83e11806f19899c7212017d2d03a45db1c6c464457990992dc75d38711c0ce0761563dbab04637cebe49e5f56fb009cad8718bf20523ae0edcba801422feb53
SSDEEP

393216:noiHEPzpjnbnPHSjPYP1uyZnxb/RDcl7jDrj3srit/:nlkPVPneP417xbRIl7jj2ip

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  202c1a442f79d7c4f3fc255c2d7a42c0
- Size
  
  15.0MB
- MD5
  
  202c1a442f79d7c4f3fc255c2d7a42c0
- SHA1
  
  cf42eb923461b82757f6a14a8d1154006fbe721b
- SHA256
  
  d12b74d12b2980fe3de16d6264fd35916f0bd9198bdfc5e6d81756cb47f826a3
- SHA512
  
  d83e11806f19899c7212017d2d03a45db1c6c464457990992dc75d38711c0ce0761563dbab04637cebe49e5f56fb009cad8718bf20523ae0edcba801422feb53
- SSDEEP
  
  393216:noiHEPzpjnbnPHSjPYP1uyZnxb/RDcl7jDrj3srit/:nlkPVPneP417xbRIl7jj2ip
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2