0e6645d935c2626f173bc2b08317515b58c4ec3add02154d7e53868a8d407c47 | Triage

Sharing

General

Target

0e6645d935c2626f173bc2b08317515b58c4ec3add02154d7e53868a8d407c47.exe
Size

12.9MB
Sample

240213-ddvxyaec84
MD5

2b7efedacaaea7bd3d48cbc18ea62b8f
SHA1

7586e66f7e6923f656ebe680d6acebacc87eca3b
SHA256

0e6645d935c2626f173bc2b08317515b58c4ec3add02154d7e53868a8d407c47
SHA512

fdb3fb072c246280bb649fbbbb2010b83b3cc92b3f01c018251a7b3f96754d7b7b5c4f2eba6c8eff72936723fe61a9536b290e482e294e4f1615a197cf5527eb
SSDEEP

393216:fDjntpUTLfhJsW+eGQRCMTozGxu8C0ibfY6eKkgzk:fDbHUTLJSW+e5RLoztZ0R6eKkUk

Score

7^/10

persistence pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  0e6645d935c2626f173bc2b08317515b58c4ec3add02154d7e53868a8d407c47.exe
- Size
  
  12.9MB
- MD5
  
  2b7efedacaaea7bd3d48cbc18ea62b8f
- SHA1
  
  7586e66f7e6923f656ebe680d6acebacc87eca3b
- SHA256
  
  0e6645d935c2626f173bc2b08317515b58c4ec3add02154d7e53868a8d407c47
- SHA512
  
  fdb3fb072c246280bb649fbbbb2010b83b3cc92b3f01c018251a7b3f96754d7b7b5c4f2eba6c8eff72936723fe61a9536b290e482e294e4f1615a197cf5527eb
- SSDEEP
  
  393216:fDjntpUTLfhJsW+eGQRCMTozGxu8C0ibfY6eKkgzk:fDbHUTLJSW+e5RLoztZ0R6eKkUk
Score

7^/10

persistence spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

persistencespywarestealer