34441593ad36d22cc2bd8329b5fe9876872b9618ecc3e30f6a47cbf2162a57bd | Triage

Resubmissions

16/04/2024, 20:18

240416-y3m9lsbf56 8

16/04/2024, 20:15

240416-y1tzdadb41 8

Sharing

General

Target

antagonist-external.exe
Size

651KB
Sample

240416-y3m9lsbf56
MD5

c25a1d9ed1b660a779bfe078d938cd5f
SHA1

401f9aba29fa919b8b446ae522d081d6497bee69
SHA256

34441593ad36d22cc2bd8329b5fe9876872b9618ecc3e30f6a47cbf2162a57bd
SHA512

157af8d61a4d096750f34d59d8d3ca80433bfe9666d977a5898a73c89336afaa6736d4f7d41806753e21b7f36cab5cb9c86cde0f4d51496ec6666dfc0196091e
SSDEEP

6144:9o7HTV+q8KSzgpbl69QalhhLGOVJZIOVmxiTQhTWeMpnAB549/UXXHBeOp/xG17C:i7ezg5Y9Nlf+X5SXkeOps17h98rKe

Score

8^/10

evasion pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  antagonist-external.exe
- Size
  
  651KB
- MD5
  
  c25a1d9ed1b660a779bfe078d938cd5f
- SHA1
  
  401f9aba29fa919b8b446ae522d081d6497bee69
- SHA256
  
  34441593ad36d22cc2bd8329b5fe9876872b9618ecc3e30f6a47cbf2162a57bd
- SHA512
  
  157af8d61a4d096750f34d59d8d3ca80433bfe9666d977a5898a73c89336afaa6736d4f7d41806753e21b7f36cab5cb9c86cde0f4d51496ec6666dfc0196091e
- SSDEEP
  
  6144:9o7HTV+q8KSzgpbl69QalhhLGOVJZIOVmxiTQhTWeMpnAB549/UXXHBeOp/xG17C:i7ezg5Y9Nlf+X5SXkeOps17h98rKe
Score

8^/10

pyinstaller evasion spyware stealer
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

evasionpyinstallerspywarestealer