eef7738228a8044df536ff5424d2b4ca8dcf6f522ef8e3e0de644cc0e5abaa7b | Triage

Sharing

General

Target

SecuriteInfo.com.Python.Stealer.1437.14994.32063.exe
Size

18.1MB
Sample

240424-asxhjada7w
MD5

89ab0264f2da9c37933f11d49bfed3e2
SHA1

bf05f123bb5cc708f1f4970082826886277d54ee
SHA256

eef7738228a8044df536ff5424d2b4ca8dcf6f522ef8e3e0de644cc0e5abaa7b
SHA512

c55cf158be1140f2867c93cd893b8ebaec55b00107dfdb32e815050c6949b315322650940eb10083773cb65dab339d3e5fcdaf5dcae3d9b17d256a4e5cbdf120
SSDEEP

393216:pu7L/sQ86P8AxYDwdQusl+l99oWOv+9rzg0T2+XyZX:pCL0Q8ZXsdQu/DorvSrM0Tvy

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Python.Stealer.1437.14994.32063.exe
- Size
  
  18.1MB
- MD5
  
  89ab0264f2da9c37933f11d49bfed3e2
- SHA1
  
  bf05f123bb5cc708f1f4970082826886277d54ee
- SHA256
  
  eef7738228a8044df536ff5424d2b4ca8dcf6f522ef8e3e0de644cc0e5abaa7b
- SHA512
  
  c55cf158be1140f2867c93cd893b8ebaec55b00107dfdb32e815050c6949b315322650940eb10083773cb65dab339d3e5fcdaf5dcae3d9b17d256a4e5cbdf120
- SSDEEP
  
  393216:pu7L/sQ86P8AxYDwdQusl+l99oWOv+9rzg0T2+XyZX:pCL0Q8ZXsdQu/DorvSrM0Tvy
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2