e4ced8bc2a89472505b522fe4245420e821dfa02e9624d8f32e4d8d1296e1cc8 | Triage

Resubmissions

04/04/2024, 16:05

240404-tjt6lacf92 7

04/04/2024, 15:56

240404-tdtmwabh31 7

Sharing

General

Target

Builder.exe
Size

15.7MB
Sample

240404-tjt6lacf92
MD5

7327729a164a1f1e3ed2385833923a96
SHA1

44d64eae30c7fcf10db081dcfb90b7319b91bb7e
SHA256

e4ced8bc2a89472505b522fe4245420e821dfa02e9624d8f32e4d8d1296e1cc8
SHA512

e16d487fc5767da14db252957aa63646d3baf7bf1b2caa9ac95dc267e874379fe4f54ad0179505ceb000a54a8b3a6b0a9da0e20bc83e4db3093ae9020f593e60
SSDEEP

393216:FoVRsuM+sInEroXy/m3pQ14S27J4Kn8hJV4a3t7zB07:FoHsOHErUyK314ICdt7F07

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Builder.exe
- Size
  
  15.7MB
- MD5
  
  7327729a164a1f1e3ed2385833923a96
- SHA1
  
  44d64eae30c7fcf10db081dcfb90b7319b91bb7e
- SHA256
  
  e4ced8bc2a89472505b522fe4245420e821dfa02e9624d8f32e4d8d1296e1cc8
- SHA512
  
  e16d487fc5767da14db252957aa63646d3baf7bf1b2caa9ac95dc267e874379fe4f54ad0179505ceb000a54a8b3a6b0a9da0e20bc83e4db3093ae9020f593e60
- SSDEEP
  
  393216:FoVRsuM+sInEroXy/m3pQ14S27J4Kn8hJV4a3t7zB07:FoHsOHErUyK314ICdt7F07
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1
- Target
  
  obfuscated_compressed_Builder.pyc
- Size
  
  222KB
- MD5
  
  b1ca652ffbff79c109091b32790e966e
- SHA1
  
  75f271c17ca0d5436b766245df08b84bc97403c9
- SHA256
  
  6cedb8ff4deac808d97d6a42b82f2d68b5c42c13c66bd2189be298c1dae8d407
- SHA512
  
  ef61698a9d96dc6ec5d9c365d1c8a32ca11b651698d7b4f58c049c33076c14bd9062c7e1508a6aa79da00c9a90ecbfa56eb540d45ea916748a4c977b181252c2
- SSDEEP
  
  6144:uhoXlQ0bcDxRgwW0IrXiophX6nRgSnfnsm9DMsjMOK9fIuXNlrFMboVHK:uhoXlQ0bcDxRgwW0IrXiophX6nRgSnfR
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2