7a77090a08a808821e1536b3e62a9cc7b51ecdaeb7032c3768387054ccfe01f6 | Triage

Resubmissions

20-04-2024 09:30

240420-lghqsaeb4t 7

20-04-2024 09:24

240420-ldceladd77 7

20-04-2024 09:23

240420-lclxmsea21 7

Sharing

General

Target

vacuum_168a3a7.zip
Size

19.2MB
Sample

240420-lghqsaeb4t
MD5

168a3a792f53d91c8f8b24e8bbd2ec96
SHA1

860d268a088664cd0aa80b7a0d5cdaaca1b1d653
SHA256

7a77090a08a808821e1536b3e62a9cc7b51ecdaeb7032c3768387054ccfe01f6
SHA512

e446b468b122c48d02a06bb646118cc78b448d74e0c0108339d2ae1f7d861aa9cae14fba23d04206b5c9317bdf8084d35d1b6f1b1971af41fc58af738aa6af50
SSDEEP

393216:1cQAqCM/bLuIwRfsQwuA+LUoT5dSZu4fTYpmTr7mkO/ryTQTYwzulDlxRi5Xb9S:+QDCq6NFwujLUQdSZ9NHO/r9YwzOl/iW

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  vacuum.exe
- Size
  
  19.4MB
- MD5
  
  2266c7c3998d203663eceebfcdf5b489
- SHA1
  
  e30ef90317492965c5516fd7a6e3e5c7452524d6
- SHA256
  
  dba2a3cfc126aeb845acc92e919843d899cc24fde3895622308584b39ba77d9c
- SHA512
  
  88d3916f216fc8eb120cd6cfa43561bb5bd067a532c157a84eec263c38874b58cfcbb84e9247650f09e2f7feaa6d61be5e14cad48cdba1a9fb30ea8320a47fc3
- SSDEEP
  
  393216:aoQ0M8qdBLGUW/hSoI2IobkqJHR2tWQrdCp8dx/uaAxJodQ3RInEropazY3BqKxj:xQ78S6bRI2Bbk8R2txZpAxJTCErup3Bl
Score

7^/10

pyinstaller spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

pyinstallerspywarestealer