Overview

overview

7

Static

static

3

cstealer.exe

windows10-2004-x64

7

Resubmissions

03/05/2024, 03:53

240503-efybhsge94 7

03/05/2024, 03:52

240503-efj4wsge84 3

03/05/2024, 03:52

240503-ee43nsed4w 3

03/05/2024, 03:37

240503-d6fzgsea7v 7

03/05/2024, 03:19

240503-dvktasfh58 7

Sharing

Copy URL Twitter E-mail

General

  • Target

    cstealer.exe

  • Size

    8.2MB

  • Sample

    240503-efybhsge94

  • MD5

    895275adee8a58c53293e16cfde5f810

  • SHA1

    6503685744a4851ceabed5269745125fb5270350

  • SHA256

    01eb701a5da347f589e7d1ced9f229a4abdd644999f9568b772d8029ac42c3cc

  • SHA512

    3ee0adb9288b9fee29106c68d14881b1c0b430bc25d69a55cb7dd330dd5309c7eedad9a7b57e4c10e03d0cfa8e23cd2b94869895e914c7b58fe8a5c296ef6919

  • SSDEEP

    196608:9yu78K/1+/dQmRJ8dA6l7aycBIGpEGo6hTOv+QKfg9QQ5PMbQ:Eu7L/edQusl29foWOv+9fg

Score
7/10
pyinstallerspywarestealer

Malware Config

Targets

    • Target

      cstealer.exe

    • Size

      8.2MB

    • MD5

      895275adee8a58c53293e16cfde5f810

    • SHA1

      6503685744a4851ceabed5269745125fb5270350

    • SHA256

      01eb701a5da347f589e7d1ced9f229a4abdd644999f9568b772d8029ac42c3cc

    • SHA512

      3ee0adb9288b9fee29106c68d14881b1c0b430bc25d69a55cb7dd330dd5309c7eedad9a7b57e4c10e03d0cfa8e23cd2b94869895e914c7b58fe8a5c296ef6919

    • SSDEEP

      196608:9yu78K/1+/dQmRJ8dA6l7aycBIGpEGo6hTOv+QKfg9QQ5PMbQ:Eu7L/edQusl29foWOv+9fg

    Score
    7/10
    spywarestealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks