7277bff77ce3de094150598446af2b0a3368866e0b1465abf3b43440fb72b3e2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

498c80b912743dc04330402da11b8f9e
Size

5.4MB
Sample

240107-vjfhwaahfq
MD5

498c80b912743dc04330402da11b8f9e
SHA1

1da2d57ba82376d105813898e9e770a55c13a108
SHA256

7277bff77ce3de094150598446af2b0a3368866e0b1465abf3b43440fb72b3e2
SHA512

f8ccda2466709293c74c8c571225f9092ade6172137714079beef63b2f6205dcc0872b062646ea2710470054da3e3f9a2398b4526bcb365759ec0a8db95c5b6d
SSDEEP

98304:u68hBwpzoLLJ3TbwaVvrZE0I8LrKI8F/Vtt1mIi3pRN8D8cXu21TbHcira4b+2Nl:u62w9onJ5hrZEK3e9tGPqKmTbHrW4b+a

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  498c80b912743dc04330402da11b8f9e
- Size
  
  5.4MB
- MD5
  
  498c80b912743dc04330402da11b8f9e
- SHA1
  
  1da2d57ba82376d105813898e9e770a55c13a108
- SHA256
  
  7277bff77ce3de094150598446af2b0a3368866e0b1465abf3b43440fb72b3e2
- SHA512
  
  f8ccda2466709293c74c8c571225f9092ade6172137714079beef63b2f6205dcc0872b062646ea2710470054da3e3f9a2398b4526bcb365759ec0a8db95c5b6d
- SSDEEP
  
  98304:u68hBwpzoLLJ3TbwaVvrZE0I8LrKI8F/Vtt1mIi3pRN8D8cXu21TbHcira4b+2Nl:u62w9onJ5hrZEK3e9tGPqKmTbHrW4b+a
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2