4c1a2e35602396d6e1fd8181dee779c793c6733d1464c8791174a47f6703e407 | Triage

Sharing

General

Target

c9f4b12e0e577b803649fc25a66f5e19
Size

6.7MB
Sample

240314-3x5nxsbb4t
MD5

c9f4b12e0e577b803649fc25a66f5e19
SHA1

53096e487a06055b4f8d871918564e0314f4216a
SHA256

4c1a2e35602396d6e1fd8181dee779c793c6733d1464c8791174a47f6703e407
SHA512

449667d233d92ec17a76b23e162cc547132bc8ba7f9fe824a38fc122856c2ef8089d13e798fb8272b977467015063a5ba1e842d3c6c60565e6be48a292e6d6d2
SSDEEP

196608:7I+gp1DM9onJ5hrZER9xQ3jo4UX7+bSyKRuAq0G:cpNM9c5hlER9xA2XSbGRu

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  c9f4b12e0e577b803649fc25a66f5e19
- Size
  
  6.7MB
- MD5
  
  c9f4b12e0e577b803649fc25a66f5e19
- SHA1
  
  53096e487a06055b4f8d871918564e0314f4216a
- SHA256
  
  4c1a2e35602396d6e1fd8181dee779c793c6733d1464c8791174a47f6703e407
- SHA512
  
  449667d233d92ec17a76b23e162cc547132bc8ba7f9fe824a38fc122856c2ef8089d13e798fb8272b977467015063a5ba1e842d3c6c60565e6be48a292e6d6d2
- SSDEEP
  
  196608:7I+gp1DM9onJ5hrZER9xQ3jo4UX7+bSyKRuAq0G:cpNM9c5hlER9xA2XSbGRu
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2