a9e88a4c176a1ebf33183ee577dc11f968cac9e7745b6edaba3ad73fe647bf5d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0cbaec184db92171467595be1f4ea6ad
Size

6.4MB
Sample

231230-dtt1ksaffm
MD5

0cbaec184db92171467595be1f4ea6ad
SHA1

beda20dcfa59e3af13a66e19e9c9dda8ba0e1227
SHA256

a9e88a4c176a1ebf33183ee577dc11f968cac9e7745b6edaba3ad73fe647bf5d
SHA512

f8477ac2bd372dd79be814bc79b5791cc8b19b126a8a1839f451c03b5e40f21b1c949406b0c35bb365c342f254db307a9f01c670f7394b199524eabfded51ee6
SSDEEP

196608:kqPkHCsXDjDyfvwKP5W3I6sKpPyOp6MFfc2p:lSCEDPKRW3I1KptxfB

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  0cbaec184db92171467595be1f4ea6ad
- Size
  
  6.4MB
- MD5
  
  0cbaec184db92171467595be1f4ea6ad
- SHA1
  
  beda20dcfa59e3af13a66e19e9c9dda8ba0e1227
- SHA256
  
  a9e88a4c176a1ebf33183ee577dc11f968cac9e7745b6edaba3ad73fe647bf5d
- SHA512
  
  f8477ac2bd372dd79be814bc79b5791cc8b19b126a8a1839f451c03b5e40f21b1c949406b0c35bb365c342f254db307a9f01c670f7394b199524eabfded51ee6
- SSDEEP
  
  196608:kqPkHCsXDjDyfvwKP5W3I6sKpPyOp6MFfc2p:lSCEDPKRW3I1KptxfB
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2