84bcf114fe0ae43d7454537389093284bd29ec02ea7cb2e9f42f2c1e453f3a1d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bde0f673f36369fdaf71629930ed7e1d
Size

6.6MB
Sample

240310-gzygqsee21
MD5

bde0f673f36369fdaf71629930ed7e1d
SHA1

01c6294f82847f7cf815d1459e2fa85d8351c269
SHA256

84bcf114fe0ae43d7454537389093284bd29ec02ea7cb2e9f42f2c1e453f3a1d
SHA512

dd7ac9ddb57a58f9316406ec1260513f9b299c27d50a9bdd53b0ea2372802653ad092249eba43e368764f4c527ccd69ac90306c6b332fc61d86224e4f32027fd
SSDEEP

196608:nqMPQCsXDjDyf6L2WliXYrHW1L00FMDEhatf2:ZPQCEDVL2ciIrHWRXMDE8O

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  bde0f673f36369fdaf71629930ed7e1d
- Size
  
  6.6MB
- MD5
  
  bde0f673f36369fdaf71629930ed7e1d
- SHA1
  
  01c6294f82847f7cf815d1459e2fa85d8351c269
- SHA256
  
  84bcf114fe0ae43d7454537389093284bd29ec02ea7cb2e9f42f2c1e453f3a1d
- SHA512
  
  dd7ac9ddb57a58f9316406ec1260513f9b299c27d50a9bdd53b0ea2372802653ad092249eba43e368764f4c527ccd69ac90306c6b332fc61d86224e4f32027fd
- SSDEEP
  
  196608:nqMPQCsXDjDyf6L2WliXYrHW1L00FMDEhatf2:ZPQCEDVL2ciIrHWRXMDE8O
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2