c17a6ac631d0f5d302ebc1d6b1cca37c9682b9ddae66bc6aa25ca678734282de | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3b8ce717c7ff75b99f15aba76aae919d
Size

6.6MB
Sample

240101-bxtg4scae9
MD5

3b8ce717c7ff75b99f15aba76aae919d
SHA1

3376934b074f758e5124b3a85839407d0275132e
SHA256

c17a6ac631d0f5d302ebc1d6b1cca37c9682b9ddae66bc6aa25ca678734282de
SHA512

22f1e1440adec66b46af5ec21b9f3d2499edc8635248f7f2a43192b996576b5ba6ae33d2c7fca967fa920a63a024538421d56b0f4b4d01759e1bdbe156851fa5
SSDEEP

196608:iq8PmCsXDjDyf6L2WliXYrHW1PSmrc+C:4PmCEDVL2ciIrHWpSm4

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  3b8ce717c7ff75b99f15aba76aae919d
- Size
  
  6.6MB
- MD5
  
  3b8ce717c7ff75b99f15aba76aae919d
- SHA1
  
  3376934b074f758e5124b3a85839407d0275132e
- SHA256
  
  c17a6ac631d0f5d302ebc1d6b1cca37c9682b9ddae66bc6aa25ca678734282de
- SHA512
  
  22f1e1440adec66b46af5ec21b9f3d2499edc8635248f7f2a43192b996576b5ba6ae33d2c7fca967fa920a63a024538421d56b0f4b4d01759e1bdbe156851fa5
- SSDEEP
  
  196608:iq8PmCsXDjDyf6L2WliXYrHW1PSmrc+C:4PmCEDVL2ciIrHWpSm4
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2