4494250a1ca2275328282941cd06ecc09dc7a128d9edc7eee63727d41c50f52c | Triage

Sharing

General

Target

VantaFNLoader.zip
Size

18.5MB
Sample

240424-cnmtmseb82
MD5

7988462e6b6f2f5fe79d8963aadbd3f5
SHA1

2e8bc7bef185217c53b922868ee64e3c77b7de36
SHA256

4494250a1ca2275328282941cd06ecc09dc7a128d9edc7eee63727d41c50f52c
SHA512

5d0f60c2f0460d82e0af4648561e09088f731d590eccecf6e194deea4e99eb2363da5576e114f964f740d0c7cfa55a43e3ae583fa11a54576db2e0d1e172be40
SSDEEP

393216:CXcGAJitl5kS87vztyyMbloZwgflzqeiF4JLoazKSqudXhC6JAN94J2Sf:CsGE6/Gro/BWwaKWFNKSqudXhCZN94J7

Score

7^/10

pyinstaller spyware

Malware Config

Targets

- Target
  
  VantaFNLoader.zip
- Size
  
  18.5MB
- MD5
  
  7988462e6b6f2f5fe79d8963aadbd3f5
- SHA1
  
  2e8bc7bef185217c53b922868ee64e3c77b7de36
- SHA256
  
  4494250a1ca2275328282941cd06ecc09dc7a128d9edc7eee63727d41c50f52c
- SHA512
  
  5d0f60c2f0460d82e0af4648561e09088f731d590eccecf6e194deea4e99eb2363da5576e114f964f740d0c7cfa55a43e3ae583fa11a54576db2e0d1e172be40
- SSDEEP
  
  393216:CXcGAJitl5kS87vztyyMbloZwgflzqeiF4JLoazKSqudXhC6JAN94J2Sf:CsGE6/Gro/BWwaKWFNKSqudXhCZN94J7
Score

7^/10

spyware
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1