f647a8e1e661501b43de4f160350e594a54fbc52350dcb9c1efa1ac2b38d7002 | Triage

Resubmissions

25/02/2024, 01:02

240225-bd52sshe34 7

25/02/2024, 00:59

240225-bcajhaac4s 7

Sharing

General

Target

PayPalGen.exe
Size

13.3MB
Sample

240225-bcajhaac4s
MD5

ae6ef75c6dc7d006988d672766a1b715
SHA1

1f95183b889f8f2c888aa772bb11d4069ee32048
SHA256

f647a8e1e661501b43de4f160350e594a54fbc52350dcb9c1efa1ac2b38d7002
SHA512

647d208f92a50fb5fc794f5bc3e47df27a6e47e41eee88413c906eff236b0f6a5169a5e188e5e596c3aa05c779ee14413caf325bb401b00118a1ec5838c64ea7
SSDEEP

393216:sEkMD3wW+eGQRIMTozGxu8C0ibfz6e57q1bmXiWCNv:sUD3wW+e5R5oztZ026e5IFVNv

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  PayPalGen.exe
- Size
  
  13.3MB
- MD5
  
  ae6ef75c6dc7d006988d672766a1b715
- SHA1
  
  1f95183b889f8f2c888aa772bb11d4069ee32048
- SHA256
  
  f647a8e1e661501b43de4f160350e594a54fbc52350dcb9c1efa1ac2b38d7002
- SHA512
  
  647d208f92a50fb5fc794f5bc3e47df27a6e47e41eee88413c906eff236b0f6a5169a5e188e5e596c3aa05c779ee14413caf325bb401b00118a1ec5838c64ea7
- SSDEEP
  
  393216:sEkMD3wW+eGQRIMTozGxu8C0ibfz6e57q1bmXiWCNv:sUD3wW+e5R5oztZ026e5IFVNv
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  cstealer.pyc
- Size
  
  67KB
- MD5
  
  1eee9bc3896eeeb5c879b576153da260
- SHA1
  
  66084d89f6f66d594682e1f313951a9297d5d271
- SHA256
  
  5e1faede6fff1bb137b7e452280ecb4821a24f90c9e16d228538299bc2a1b3ae
- SHA512
  
  1de218874baaadf2f44d091de9f7053a22c95c9c7d4d49d5570d35abc1512304eecdb2ba83e1fe8338f51a6694e796011a27412095a5fc2e19054645afce755c
- SSDEEP
  
  1536:l0xqOggxpqBJlMstbo88jLQQcXf9qS0Vr+LRheG:lqL/+bo88PiXX0r+LRP
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4