147136c6e3f62f9fb15fa26088319d2edbf3c1d0af4fcd383b362cec34092011 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

PAP46E1UkZ.exe
Size

18.4MB
Sample

240418-cvxx7agf57
MD5

db6626e83c104f9e1599b9a5fecb3a60
SHA1

5436ace02c57ec5c31b8597e99fea6fe5b9e5a6e
SHA256

147136c6e3f62f9fb15fa26088319d2edbf3c1d0af4fcd383b362cec34092011
SHA512

558236d316f8032f19d566b4ec470eac87b9484df789f08a066161e2301e2a6cd0bd8a3b39fbfd8d59c43e20c8b0dc0387af815b6fda8d2af878e5eecabf60c5
SSDEEP

393216:p7EkULrpBciidQuslrfrAZYCuPJO8z19P2uDW8B3+d9vkeg2F3X1sr:l85BydQu4MJuxZz1RbW8BOd9vkzQX1U

Score

8^/10

evasion pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  PAP46E1UkZ.exe
- Size
  
  18.4MB
- MD5
  
  db6626e83c104f9e1599b9a5fecb3a60
- SHA1
  
  5436ace02c57ec5c31b8597e99fea6fe5b9e5a6e
- SHA256
  
  147136c6e3f62f9fb15fa26088319d2edbf3c1d0af4fcd383b362cec34092011
- SHA512
  
  558236d316f8032f19d566b4ec470eac87b9484df789f08a066161e2301e2a6cd0bd8a3b39fbfd8d59c43e20c8b0dc0387af815b6fda8d2af878e5eecabf60c5
- SSDEEP
  
  393216:p7EkULrpBciidQuslrfrAZYCuPJO8z19P2uDW8B3+d9vkeg2F3X1sr:l85BydQu4MJuxZz1RbW8BOd9vkzQX1U
Score

8^/10

evasion pyinstaller spyware stealer
- Modifies Windows Firewall
  evasion
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpyinstallerspywarestealer