43ac45be20b80f3e285dd75e733e239eb269c0f30936d4c6be1ca526371a7dcb | Triage

Sharing

General

Target

PlasmaExecutor v2.6.21.exe
Size

21.1MB
Sample

240420-kcqedsce66
MD5

171cb9273d896a3048bcd0d641e6b9a2
SHA1

f3c80f7b85d15506af212718a80e31120cb96301
SHA256

43ac45be20b80f3e285dd75e733e239eb269c0f30936d4c6be1ca526371a7dcb
SHA512

8954da5bf25ec09674e0297eea403b07bf48adf9028561306a502da51b38f0fe9d56ce4f4216f4b710684a60ef4f38d3631730c7274508c4c5c217d720baf08b
SSDEEP

393216:IEkQ5S5AWfqWgP8AxYD/1+TtIiF5Y9Z8D8Ccl6l3SjadC02VaHKflkQgKZ:IeaAWfJbXr1QtIQa8DZcIlijadfqaFKZ

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  PlasmaExecutor v2.6.21.exe
- Size
  
  21.1MB
- MD5
  
  171cb9273d896a3048bcd0d641e6b9a2
- SHA1
  
  f3c80f7b85d15506af212718a80e31120cb96301
- SHA256
  
  43ac45be20b80f3e285dd75e733e239eb269c0f30936d4c6be1ca526371a7dcb
- SHA512
  
  8954da5bf25ec09674e0297eea403b07bf48adf9028561306a502da51b38f0fe9d56ce4f4216f4b710684a60ef4f38d3631730c7274508c4c5c217d720baf08b
- SSDEEP
  
  393216:IEkQ5S5AWfqWgP8AxYD/1+TtIiF5Y9Z8D8Ccl6l3SjadC02VaHKflkQgKZ:IeaAWfJbXr1QtIQa8DZcIlijadfqaFKZ
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2