6c81e08d8ba31a8e589b3af4006b246b4990f216d78f371e3ceab862781b381a | Triage

Sharing

General

Target

Athena r6.zip
Size

21.5MB
Sample

240423-zk1yesbg73
MD5

c8e1d16cd78e06d5083bd9dd0d30cd09
SHA1

23b5cd803843d021caed5d40cb2f902c2af6fd1e
SHA256

6c81e08d8ba31a8e589b3af4006b246b4990f216d78f371e3ceab862781b381a
SHA512

63c22fe09b57067a3742fed8d8c8fb020b332b7996eb62a0d0de318361fb690d533398a499ed51b574e949726b32faa1b5b28eed4ce2752de06a044e0f3fec31
SSDEEP

393216:F8/rEkcqY4gP8AxYDX1+TtIiFvY9Z8D8Ccl6lnbE0PKksbuK+R:F8TkD4bX71QtI6a8DZcIlbskBK+R

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Athena r6/AthenaR6.exe
- Size
  
  16.2MB
- MD5
  
  82cfe366a937f42ab87e4811a92c5da3
- SHA1
  
  cb81c58c6cff23240ea78ee8ac7ad35082111d8d
- SHA256
  
  9298eb16426a23c4c6a7529d569245ba5cf13ca61a616aaf7a05583712445c72
- SHA512
  
  3b7ffd924c4af50143bff6f953662c34186610e00fbba7ff4c959d3b7e99d6d77861d1d389bfd1de5fe82bc87118a8623da0142c5ee7fae64788f920e3b75f69
- SSDEEP
  
  393216:PEkcqY4gP8AxYDX1+TtIiFvY9Z8D8Ccl6lnbE0PKksbuK+:PkD4bX71QtI6a8DZcIlbskBK+
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  creal.pyc
- Size
  
  64KB
- MD5
  
  23f14103b51c1fe8355109e971efcc7a
- SHA1
  
  9695e9f2f7b25058d02cf649c08a6261f5922a09
- SHA256
  
  cd45de9a3b688b52ec06ab873756dda42b005103a12242a00a6266b0e2d96b40
- SHA512
  
  8ae8b7b9fbf6f4b2e6e9ea6243b25de198c7e6e5dcf6b29ca273dc3f44f7c662f9f28a2e4ae5d460d8668f4e37acd116b395212d6c943e427f29e836a7862bad
- SSDEEP
  
  1536:7Trle+0Ql9pObo8BHWftXASFW08VgeOR2ep:7TBYbo8B2VXASNMgeORh
Score

4^/10
behavioral3 behavioral4
- Target
  
  Athena r6/library.dll
- Size
  
  5.4MB
- MD5
  
  c5efdea68a23eb09786e332cc30c6ccf
- SHA1
  
  9b8d53cfc95b2fa3f8a962249869147c720d35b4
- SHA256
  
  fef39ffb6258b11b646be298c0133b1281f4e6fd5fbfc670d5cd1776fb8f8365
- SHA512
  
  738a3748ef5c461508d305bdf6359aeaa14405bcc76ca9bb75eac655198287c6734fa59d9d897d583286de0fdd66a34d030ca725cde775a1c5e602878b15b63b
- SSDEEP
  
  24576:62/IaNY1O3s4IqgJ0+6m77/bewdDZPVyyvcGCpz8KsWDP/IntdbMs7HTNWo4G6yC:978n4+EwdDZdygJ0z9DInIsZ4G
Score

1^/10
behavioral5 behavioral6

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6