17e4800294fd5e697858456adf2fcbce97943ee4e75463530c67bd3a02f061b2 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

free.exe

windows10-2004-x64

7

Sharing

General

Target

free.rar
Size

10.0MB
Sample

240420-gqjxzsah6x
MD5

70540b491b2685860d7880eaeb93f86c
SHA1

6175bb215248473ce346bfd15d8e97d4598c36f6
SHA256

17e4800294fd5e697858456adf2fcbce97943ee4e75463530c67bd3a02f061b2
SHA512

6faf89eb7005de9ae08db2df312e3e6d6a5f384c10852c93205571a135ab0137a2b2525aa3255b56100d9a7a1c48377b83a7e7a508de5bfa5c67805c67903f5d
SSDEEP

196608:EfwG5E6I/XBtD24O8JPs2R0+NlniGOm1SwYXD+3667d3xHWIo5da12p3o:hSEL/DD238J7xHniYUS36uBxH9Oa12p4

Score

7^/10

pyinstaller spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

free.exe

Resource

win10v2004-20240412-en

spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  free.exe
- Size
  
  10.2MB
- MD5
  
  a61aeb8087d96d39f06953265f023fb9
- SHA1
  
  04af2f57c300e8163a08f4e554422713defe4dea
- SHA256
  
  4ea84edfb5b79f367af09e356a0ec21710fb6d618f13dea513f264cca0abe598
- SHA512
  
  33e405294852b4763967be62308729a82173d9e0b510e710a22b922e693bd5b06e4c24340f45b2a831202a9f944dfccbdbcf23827dfee5009bff3c78a200cf05
- SSDEEP
  
  196608:dh0gJEkfcdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMfIGQfkdoXKh:bEkfc4q1+TtIiFUY9Z8D8CcldlQNbXKh
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy