ea8eefeacdaaf2d692b935f24fa69d7664151f428b531a9c89261ab05bd77831 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e1ebfbc37ce2281637e04e5afc8a7c21
Size

8.8MB
Sample

240327-r43blaed34
MD5

e1ebfbc37ce2281637e04e5afc8a7c21
SHA1

a0b6d3b35748f45e9f008d8a0ac2d9a12760af61
SHA256

ea8eefeacdaaf2d692b935f24fa69d7664151f428b531a9c89261ab05bd77831
SHA512

38eeba5342a1b98b92438d739901bbb0ddf053524b4527717b6695931cd1eb6aad7db1d5b789e2a8ceaedb5f798da1a6c1d3689ae9cf5cdd14b7ccdcda9f2551
SSDEEP

196608:p270MXCpaz9onJ5hrZERsktPOKjZobRUtVcuFHlHoaYLur:2bXCpS9c5hlERxPOYXFHlHoaYLur

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  e1ebfbc37ce2281637e04e5afc8a7c21
- Size
  
  8.8MB
- MD5
  
  e1ebfbc37ce2281637e04e5afc8a7c21
- SHA1
  
  a0b6d3b35748f45e9f008d8a0ac2d9a12760af61
- SHA256
  
  ea8eefeacdaaf2d692b935f24fa69d7664151f428b531a9c89261ab05bd77831
- SHA512
  
  38eeba5342a1b98b92438d739901bbb0ddf053524b4527717b6695931cd1eb6aad7db1d5b789e2a8ceaedb5f798da1a6c1d3689ae9cf5cdd14b7ccdcda9f2551
- SSDEEP
  
  196608:p270MXCpaz9onJ5hrZERsktPOKjZobRUtVcuFHlHoaYLur:2bXCpS9c5hlERxPOYXFHlHoaYLur
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2