7bfac72c5e06aa8f4be8d670681de3a4cfa2161e7344530df00327f0452c0cc6 | Triage

Sharing

General

Target

cstealer.exe
Size

17.1MB
Sample

240428-jre2jabd7z
MD5

3e913c04b4c65f22b156a0905718141d
SHA1

2c6156a8e1b510d04f8bcbff09587eb7b0fd62c2
SHA256

7bfac72c5e06aa8f4be8d670681de3a4cfa2161e7344530df00327f0452c0cc6
SHA512

103ab25e5483829469a1b2cc428f97ca762cc8d6d4cffc8dc14f8631678ca1b94671bb70d9294f876fe6c71346df437433543dc7ea325da202553b6ca43b67a8
SSDEEP

393216:zEkZQZP8AxYDwdQuslSl99oWOv+9fg+MUacSn5X3:zhQiXsdQu9DorvSY+Ja7nt

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  cstealer.exe
- Size
  
  17.1MB
- MD5
  
  3e913c04b4c65f22b156a0905718141d
- SHA1
  
  2c6156a8e1b510d04f8bcbff09587eb7b0fd62c2
- SHA256
  
  7bfac72c5e06aa8f4be8d670681de3a4cfa2161e7344530df00327f0452c0cc6
- SHA512
  
  103ab25e5483829469a1b2cc428f97ca762cc8d6d4cffc8dc14f8631678ca1b94671bb70d9294f876fe6c71346df437433543dc7ea325da202553b6ca43b67a8
- SSDEEP
  
  393216:zEkZQZP8AxYDwdQuslSl99oWOv+9fg+MUacSn5X3:zhQiXsdQu9DorvSY+Ja7nt
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1