f30cd87a7cae847bddd6ea17cc86c86679e29af072dc63688e91483053c7c56b | Triage

Sharing

General

Target

0fcea37a82f9afd8d45abe153d5c1cb9
Size

8.6MB
Sample

231230-fyxy5sfah4
MD5

0fcea37a82f9afd8d45abe153d5c1cb9
SHA1

d854dc77e085e4eb76c226720c485321c6813ab5
SHA256

f30cd87a7cae847bddd6ea17cc86c86679e29af072dc63688e91483053c7c56b
SHA512

546855f527fd2592212189351d875ce69e9aa53849c1db7b290f954db2bcf74e4893a5b2c7798250031e917ad497cfb33ad7844c71115ca931ecb2d6ff761255
SSDEEP

196608:36jgp1Detw5SC6J9onJ5hrZER9/Q3jo4UR7+aKx4rA3bqIj:ZpNet+SCa9c5hlER9/A2RStsA3

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  0fcea37a82f9afd8d45abe153d5c1cb9
- Size
  
  8.6MB
- MD5
  
  0fcea37a82f9afd8d45abe153d5c1cb9
- SHA1
  
  d854dc77e085e4eb76c226720c485321c6813ab5
- SHA256
  
  f30cd87a7cae847bddd6ea17cc86c86679e29af072dc63688e91483053c7c56b
- SHA512
  
  546855f527fd2592212189351d875ce69e9aa53849c1db7b290f954db2bcf74e4893a5b2c7798250031e917ad497cfb33ad7844c71115ca931ecb2d6ff761255
- SSDEEP
  
  196608:36jgp1Detw5SC6J9onJ5hrZER9/Q3jo4UR7+aKx4rA3bqIj:ZpNet+SCa9c5hlER9/A2RStsA3
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2