telegram | 33fc8edfd255423880ca7eeeb073fdd16b919c557649dc82eafa0d40bac39ada | Triage

Resubmissions

21-04-2024 18:52

240421-xh5gqahd37 10

21-04-2024 18:47

240421-xfhj6shg3x 10

21-04-2024 00:06

240421-adsk2adf35 10

20-04-2024 23:34

240420-3kwkgsch84 10

Sharing

General

Target

ViolinV1.0.zip
Size

41.0MB
Sample

240421-xh5gqahd37
MD5

6a5ea25ede5cad056d564b1379db0994
SHA1

020ee91748d883035303ff6caf81f6cddc4db7da
SHA256

33fc8edfd255423880ca7eeeb073fdd16b919c557649dc82eafa0d40bac39ada
SHA512

311f9a80cb42b12b18ea507de3baf69a0fe1fb106ee26f32b14ef96386c8eabb3be2cb0126b39c129842937c12082d772753a36b3cfab3f6e10512faa2358ebc
SSDEEP

786432:KOY9nuLa1LQCJZCg2LYabvuwrapuuHrZl5BnDB1Wz63FD8B9MnakX15y9pEOihBL:s9n82lJz2LYgr+uuNlrB126FAB2a+1Ia

Score

10^/10

telegram pyinstaller rat spyware stealer telegram

Malware Config

Targets

- Target
  
  ViolinV1.0.exe
- Size
  
  41.3MB
- MD5
  
  e1f11a32546b240111760d533a26ee81
- SHA1
  
  c47b6ec9a10d2f7c081ea4649dc8b98fba5f9de7
- SHA256
  
  e7d113ef928f0ce62a0accc0829da9720977c75427c4c901976e689c22c22a9f
- SHA512
  
  2aaad25d22e9e26669bcccd38b53493695d760ee8fff8d85cc2729fb040cf7a6ef5203801d6f0916f1f5c70ae0c08b2862367c5743d0d65fdb80382446272fda
- SSDEEP
  
  786432:t+gX4BMdhwzTQXR5FbPp6FcSS5U/LT2KzVyPVL9jvzVSLOYq1QtIZS3ILe5qW80U:nXGMK4XR3bLSCU/+6yPlhvhSyY2iIZSa
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

pyinstallertelegramrattelegram

behavioral1

behavioral2