85cc08fb39a41f2a7cfddad35e5d4cbd90e9b09b5dfddf76190ac568e44d2c27 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3d808b8916eef3745b26fcb2845514f6
Size

6.6MB
Sample

240101-wjkchahfa6
MD5

3d808b8916eef3745b26fcb2845514f6
SHA1

2ad4ee0142fe573c9b6ca56bf6eef5c08e4084bf
SHA256

85cc08fb39a41f2a7cfddad35e5d4cbd90e9b09b5dfddf76190ac568e44d2c27
SHA512

91e4cc6e02521407e196c1f49d8031dd8151a92b023c7a80321a95b0b51e7dafa3273d14890043ba46c0fd62d18843e06c454bda6d639d22a41d92aa03bae5a9
SSDEEP

98304:hZ82QezhQupzsb+sX1ZvbeAyJZOh4Z0FGRABTgtse6vzovk1bu4Iv5nYXWR+pI:hZNhQW4CsXDjDyfkZkJMhIZRWI

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  3d808b8916eef3745b26fcb2845514f6
- Size
  
  6.6MB
- MD5
  
  3d808b8916eef3745b26fcb2845514f6
- SHA1
  
  2ad4ee0142fe573c9b6ca56bf6eef5c08e4084bf
- SHA256
  
  85cc08fb39a41f2a7cfddad35e5d4cbd90e9b09b5dfddf76190ac568e44d2c27
- SHA512
  
  91e4cc6e02521407e196c1f49d8031dd8151a92b023c7a80321a95b0b51e7dafa3273d14890043ba46c0fd62d18843e06c454bda6d639d22a41d92aa03bae5a9
- SSDEEP
  
  98304:hZ82QezhQupzsb+sX1ZvbeAyJZOh4Z0FGRABTgtse6vzovk1bu4Iv5nYXWR+pI:hZNhQW4CsXDjDyfkZkJMhIZRWI
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2