1deb296bab0028c014d3eccdac90c12ae401549547ef3b68632b2e5b10582ad3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ccfbddeadd372a618ae616ddae8bc290
Size

6.6MB
Sample

240316-dya39sah3x
MD5

ccfbddeadd372a618ae616ddae8bc290
SHA1

768a172e059719ffdcedf55cc2d046b41ce31b25
SHA256

1deb296bab0028c014d3eccdac90c12ae401549547ef3b68632b2e5b10582ad3
SHA512

a6cf91c9922e55536ddd1b342595abd1c5036bd50f349deedaa7a4d12f75f32942236863f5dc44182100b8e9ed084a4265ef960e5cf72d1fd7a795cb80e42521
SSDEEP

196608:EsPmCsXDjDyf6L2WliXYrHW1L0rFKbxgMq:rPmCEDVL2ciIrHWRWKbx1

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  ccfbddeadd372a618ae616ddae8bc290
- Size
  
  6.6MB
- MD5
  
  ccfbddeadd372a618ae616ddae8bc290
- SHA1
  
  768a172e059719ffdcedf55cc2d046b41ce31b25
- SHA256
  
  1deb296bab0028c014d3eccdac90c12ae401549547ef3b68632b2e5b10582ad3
- SHA512
  
  a6cf91c9922e55536ddd1b342595abd1c5036bd50f349deedaa7a4d12f75f32942236863f5dc44182100b8e9ed084a4265ef960e5cf72d1fd7a795cb80e42521
- SSDEEP
  
  196608:EsPmCsXDjDyf6L2WliXYrHW1L0rFKbxgMq:rPmCEDVL2ciIrHWRWKbx1
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2