55b7d24cefb8793f271bc910bc45dcdcd007d12655a1e311f25835fcbcd8affc | Triage

Sharing

Copy URL Twitter E-mail

General

Target

bombaclat2.exe
Size

16.8MB
Sample

240430-wvss1see56
MD5

24669cf992c3daad92955430b133615c
SHA1

f2a90c7b952bb2c224224c5154b12083ecfdba84
SHA256

55b7d24cefb8793f271bc910bc45dcdcd007d12655a1e311f25835fcbcd8affc
SHA512

1de9a4e63ec73f46738b1afd0fa561156958c5b49e9735e6bd93db6e3399e80e944bf3771c23ab1485197e23580a96222d1c208c6730b37d16ee476baae20065
SSDEEP

393216:kmAzc28DEkMgP8AxYDwdQ2lR+9JCe48rBLFdxJd6o:k1D8D0bXsdQv9JCe48Fd

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  bombaclat2.exe
- Size
  
  16.8MB
- MD5
  
  24669cf992c3daad92955430b133615c
- SHA1
  
  f2a90c7b952bb2c224224c5154b12083ecfdba84
- SHA256
  
  55b7d24cefb8793f271bc910bc45dcdcd007d12655a1e311f25835fcbcd8affc
- SHA512
  
  1de9a4e63ec73f46738b1afd0fa561156958c5b49e9735e6bd93db6e3399e80e944bf3771c23ab1485197e23580a96222d1c208c6730b37d16ee476baae20065
- SSDEEP
  
  393216:kmAzc28DEkMgP8AxYDwdQ2lR+9JCe48rBLFdxJd6o:k1D8D0bXsdQv9JCe48Fd
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  cstealer.pyc
- Size
  
  74KB
- MD5
  
  392426f8f5651ec9cd340f7af7e3ad6f
- SHA1
  
  eec21e830b9d7c2479f966eba77fad97339145d1
- SHA256
  
  c7710690df008491ede1b1212027c7b06293492ef9abcba911122d5c1f5d16a1
- SHA512
  
  2d10f778249a43bd30546b37bfeefd0797dc27d39dc175498a257ea37ced967e2b03e8f92d7eb5646729e6d6ea6536a0b0f3e07d6f3e3613e3c3a926eeb0386a
- SSDEEP
  
  1536:jIiOtbk+xQx0Jl1dKh2IsiORBaa0YGXPfjdWRXee:jQaTvh2IsiYOYGPfjdWRl
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4