General

  • Target

    MonkeModManager (2).exe

  • Size

    13.2MB

  • Sample

    240414-y2cfqafd7x

  • MD5

    a64a50d764de2af1e198bfd517eec2f3

  • SHA1

    913b4cdc597642e4ac33e1a6526cd163f2bc29cb

  • SHA256

    4cbea24a8641dc763864ffe8a2d4ebfa3d7ea5eb7280a25edc0b2e3d4c6cdde3

  • SHA512

    efb92705d50713b06c208a308c0a8eee17c8b05c8622b0158c5974b89484739d2b48d96a860268d86afd5b51f715362542208a12b7e441c6d29d95d5ca3fa1a4

  • SSDEEP

    393216:BiIE7Yo9+4ucW+eGQRJ9jo7BGcGmY/dt1Wom2:u7r9+RcW+e5RJ9Mgpm2

Targets

    • Target

      MonkeModManager (2).exe

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      Creal.pyc

    • Size

      266KB

    • MD5

      b150b3ba06f1a53018d8455dfcb40e26

    • SHA1

      1570941b8762f5c7505a224b97163a790840aaf9

    • SHA256

      1e5c65cc2017b226449c4ebfc8d0aa26c0e288067ed1c650b4f47afff019a67f

    • SHA512

      fcd34acc57110d8396a88b9481a90ef678d87bf0d089b5e4e4b54c3cc638d280fb8f542da751afbe020a24dd37210f027a8eb3363780fe7f985f7de3a529aaa1

    • SSDEEP

      3072:vU7MaNdUcd1a0LIFU4Zpho47bnQgzodm50a2v:1QUg19MFU4ZphZLNI

    • Score

      3/10

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                                    Matches
  Credential Access     T1552      Unsecured Credentials             2
                        T1552.001  Credentials In Files              2
  Discovery             T1057      Process Discovery                 1
                        T1082      System Information Discovery      1
  Collection            T1005      Data from Local System            2
  Command and Control   T1102      Web Service                       1
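The signatures listed for the primary target and the technique counts in this matrix are what a sandbox's rule engine derives from the sample's file, DLL-load and HTTP events. The following is an added example, not part of this report and not the sandbox's own code, that reproduces that mapping over constructed events. Every path and host pattern, and the assignment of signatures to technique IDs, is an assumption (the report gives only per-technique counts); the events are made up to exercise each rule, including the stateful "Loads dropped DLL" check, which fires only when the sample loads a DLL it wrote earlier.

```python
import re
from collections import defaultdict

# Behaviour events as a sandbox would log them: (kind, process, target).
# Kinds used here: file_write, file_read, dll_load, http.

# Signature rules named after the report's own signatures. The ATT&CK IDs are
# the ones the report's matrix lists, but which signature maps to which ID is an
# assumption (the matrix gives only per-technique counts), and every path and
# host pattern below is an assumption about what such a signature would match.
RULES = [
    {"name": "Reads user/profile data of web browsers",
     "kind": "file_read", "attack": ["T1552.001", "T1005"],
     "pattern": re.compile(
         r"\\User Data\\[^\\]+\\(Login Data|Cookies|Web Data)$"
         r"|\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$",
         re.I)},
    {"name": "Accesses cryptocurrency files/wallets, possible credential harvesting",
     "kind": "file_read", "attack": ["T1552.001", "T1005"],
     "pattern": re.compile(r"\\(Exodus|Electrum|atomic|Ethereum\\keystore)\\", re.I)},
    {"name": "Drops startup file",
     "kind": "file_write", "attack": [],
     "pattern": re.compile(r"\\Start Menu\\Programs\\Startup\\[^\\]+$", re.I)},
    {"name": "Looks up external IP address via web service",
     "kind": "http", "attack": ["T1102"],
     "pattern": re.compile(r"^https?://(api\.ipify\.org|ipinfo\.io|ip-api\.com)(/|$)", re.I)},
    # The report counts one signature under T1102; it is assumed here to be the
    # IP lookup, so this rule carries no technique ID of its own.
    {"name": "Legitimate hosting services abused for malware hosting/C2",
     "kind": "http", "attack": [],
     "pattern": re.compile(r"^https?://(discord(app)?\.com/api/webhooks/|pastebin\.com/raw/)", re.I)},
]


def match_signatures(events):
    """Return {signature name: [matched targets]} for a list of events.

    Stateless rules come from RULES. 'Loads dropped DLL' is stateful: it fires
    only when a DLL loaded by the sample was earlier written by the sample.
    """
    hits = defaultdict(list)
    dropped = set()
    for kind, _process, target in events:
        for rule in RULES:
            if kind == rule["kind"] and rule["pattern"].search(target):
                hits[rule["name"]].append(target)
        if kind == "file_write":
            dropped.add(target.lower())
        elif kind == "dll_load" and target.lower() in dropped:
            hits["Loads dropped DLL"].append(target)
    return dict(hits)


def attack_techniques(hits):
    """Collapse signature hits into {technique ID: number of signatures},
    the same shape as the report's ATT&CK matrix. A sub-technique hit also
    counts toward its parent technique (T1552.001 -> T1552)."""
    counts = defaultdict(int)
    for rule in RULES:
        if rule["name"] in hits:
            for tid in rule["attack"]:
                counts[tid] += 1
                if "." in tid:
                    counts[tid.split(".")[0]] += 1
    return dict(counts)


# Constructed events for illustration; these are not from the sandbox run.
SAMPLE_EVENTS = [
    ("file_write", "MonkeModManager (2).exe", r"C:\Users\u\AppData\Local\Temp\helper.dll"),
    ("dll_load",   "MonkeModManager (2).exe", r"C:\Users\u\AppData\Local\Temp\helper.dll"),
    ("dll_load",   "MonkeModManager (2).exe", r"C:\Windows\System32\kernel32.dll"),  # not dropped: no hit
    ("file_write", "MonkeModManager (2).exe",
     r"C:\Users\u\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.lnk"),
    ("file_read",  "MonkeModManager (2).exe",
     r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("file_read",  "MonkeModManager (2).exe",
     r"C:\Users\u\AppData\Roaming\Mozilla\Firefox\Profiles\abc.default\logins.json"),
    ("file_read",  "MonkeModManager (2).exe", r"C:\Users\u\AppData\Roaming\Exodus\exodus.wallet\seed.seco"),
    ("http",       "MonkeModManager (2).exe", "https://api.ipify.org/?format=json"),
    ("http",       "MonkeModManager (2).exe", "https://discord.com/api/webhooks/000/placeholder"),
]

if __name__ == "__main__":
    found = match_signatures(SAMPLE_EVENTS)
    for name, targets in found.items():
        print(f"{name}: {len(targets)} event(s)")
    print(attack_techniques(found))
```

Run stand-alone, the script reports all six signatures from the primary target's list and a technique tally of T1552 and T1552.001 at 2, T1005 at 2 and T1102 at 1, matching the counts this matrix shows for those techniques; T1057 and T1082 have no corresponding signature in the list above and so are not modelled. The dropped-DLL rule is the one to note when writing such detections: a plain "DLL loaded from %TEMP%" pattern would also fire on legitimate installers, whereas correlating the write and the load within the same process is what ties the behaviour to the sample.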
