604d2a693634ed16a6d84f446ca7d208408f57e87ec30f35a577c27e2cc542f7 | Triage

Sharing

General

Target

micify-stealer-main4.21.zip
Size

20.2MB
Sample

240428-q3phnsha42
MD5

d14dd4853a65145f873c1b274c724531
SHA1

1658dab2482ef2c9b25ecd8b0fd56e38e00ecc69
SHA256

604d2a693634ed16a6d84f446ca7d208408f57e87ec30f35a577c27e2cc542f7
SHA512

7a22db8fae78238fdf3e2d90ae7d730c479220cd3896fec5e181b9684e432a21c7fe6c8f96c22e183521b397a1557bd3f6105b9c735c328252ed481aebaa71c3
SSDEEP

393216:RxXkuPbd7mCFHAqtPv+VQBY1cTSZnwpArE4L4VONKzVdc2nm:Rx0uPbd7VAyP2H1cTSZwpCks2nm

Score

8^/10

pyinstaller spyware stealer upx

Malware Config

Targets

- Target
  
  micify-stealer-main4.21/micify-stealer-main/UPX/upx.exe
- Size
  
  550KB
- MD5
  
  39ecdf78cb357513d1fd565c5e9edbdd
- SHA1
  
  433bb8e090e48ea304c89bab1bf1b5defaaa08d7
- SHA256
  
  1ea92da93eeaf4d456114b847b9bddfb47ef854e7c24143f290d5e3f44973e91
- SHA512
  
  e83f04a8f7f5ffe257747f5b294d17d386ce700f4c59afa6ab9c4995be8ae33d34add425472722538c429ea0decd797393d5316d620df6d2895c2930e2474efb
- SSDEEP
  
  12288:G5ngMB4arMslBeWZdK8hXN4f0K2YQpDZOBEVOEA/ToKrkW1A9N3:G9g349lPZdZ8Mg6+hB
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2
- Target
  
  micify-stealer-main4.21/micify-stealer-main/Waltuhium.py
- Size
  
  142KB
- MD5
  
  a68c266b695985a653e227a9db3f0cc3
- SHA1
  
  cab667616ad48f7ff006334083fc8ce70fd98a58
- SHA256
  
  6c8fbec69a8d070cb00f253fc9886e620034733038b2307779b2026559d3fa0b
- SHA512
  
  9d958551dfcecd763c3c8e98273c06db76248547c4774ec90188bff0ac4779582c1228735663b9503f2e7058cb60743344bc1c85d26d0cfe45df6338755c6928
- SSDEEP
  
  1536:eiYj57SAiFZjpKNrwne+HAz6v5QnsOkZdaC12JNsLqDhC/+0M/K6U5ftN:87JWGwFgZ6daC2JNs+C/+fyVN
Score

3^/10
behavioral3 behavioral4
- Target
  
  micify-stealer-main4.21/micify-stealer-main/index.py
- Size
  
  9KB
- MD5
  
  bf2fdcbe728a8e056567b665a66aaf33
- SHA1
  
  6de4e1996da4ff57375af57b7398e3217248c3a3
- SHA256
  
  1cba64ecd7c6ec307a75151d1e0ddcd1633c916c040d01e1c95934407fd94083
- SHA512
  
  f095be763dd8754ea5036f1fe612141c2d350574199e49a0fcaf6806797795b9342fd46267794acf6e5322e17ff55daf7fb792cb3a1f7f6bd44c8d4111516d15
- SSDEEP
  
  192:OmvjvYv13epp3U+I2Pa/fcjzPLu1krJU1jDxsOlSNl:Om7vM1upp3GV8LLblUlDxsOM
Score

3^/10
behavioral5 behavioral6
- Target
  
  micify-stealer-main4.21/micify-stealer-main/main.exe
- Size
  
  19.8MB
- MD5
  
  ce52604a9ada5cf25e82b078688ad019
- SHA1
  
  6eddf09acd225f25945dfb088ae8ff50d4dcd1b4
- SHA256
  
  88490f0f3245ea7b04344b71884a3ec939053f2c030272c1d6b29fab5846cdb8
- SHA512
  
  ba95a4d55ff192ef241ae0ff17cbd83d343a99b34cf59d37014d84a29e0669af48ba2303441418f3e12112c2732dc4c8fa5f7fac910a506eef95777e60b1d58e
- SSDEEP
  
  393216:CEkZQtsJJpUTLfhJKQETSrvJQ7ErYeG41UXFZeGZ:ChQtshUTLJQQEWrhQI/5
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8