2b571e31820820333859b3c122afff0aabb206ad3436e62c8afbd12b5425dbf5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c4b3bd04b7fa731c4a44415adb0d49c9
Size

6.8MB
Sample

240313-ck9t1abf93
MD5

c4b3bd04b7fa731c4a44415adb0d49c9
SHA1

1527ae797603e768ce2aa04f0f65cc081c2be80e
SHA256

2b571e31820820333859b3c122afff0aabb206ad3436e62c8afbd12b5425dbf5
SHA512

09d8f4a3c340134953ed372506d75e7112bd4867a8a446fc40bdfe9235acca7e4099c34460c03dfbe096ed0d86fa2c7b01669b18eba16e7c434b83300a3ee28a
SSDEEP

196608:j2rx7NICteEroXxWVfEqlbkkwR7VTEJZFGwg0zTM9:apNInEroXgfEqirRRoJZQwgwTE

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  c4b3bd04b7fa731c4a44415adb0d49c9
- Size
  
  6.8MB
- MD5
  
  c4b3bd04b7fa731c4a44415adb0d49c9
- SHA1
  
  1527ae797603e768ce2aa04f0f65cc081c2be80e
- SHA256
  
  2b571e31820820333859b3c122afff0aabb206ad3436e62c8afbd12b5425dbf5
- SHA512
  
  09d8f4a3c340134953ed372506d75e7112bd4867a8a446fc40bdfe9235acca7e4099c34460c03dfbe096ed0d86fa2c7b01669b18eba16e7c434b83300a3ee28a
- SSDEEP
  
  196608:j2rx7NICteEroXxWVfEqlbkkwR7VTEJZFGwg0zTM9:apNInEroXgfEqirRRoJZQwgwTE
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2