ce138a63f09c80680d17b5892a24bb6086e2959b762c1180137da93adbb67e8d | Triage

Sharing

General

Target

NLBPP8pV.exe
Size

17.1MB
Sample

240512-ga31xsed78
MD5

d991bb72be24075a04c2711617908de3
SHA1

6eeccaf7e998e7fe9346af84ef10b3b3cf4fa220
SHA256

ce138a63f09c80680d17b5892a24bb6086e2959b762c1180137da93adbb67e8d
SHA512

dc27fcc6f28de706ac0e8718a0c5e0d33a937c418bce2e4dff4cd7c9c2876700ff8b380d89be6cb17efbc689aad09aaed63fbfbfbc0563f93584be566a840cb4
SSDEEP

393216:QEkcqn4gP8AxYDX1+TtIiFvY9Z8D8Ccl6lq2bE0PKksbuK+:Qk44bX71QtI6a8DZcIlq4skBK+

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  NLBPP8pV.exe
- Size
  
  17.1MB
- MD5
  
  d991bb72be24075a04c2711617908de3
- SHA1
  
  6eeccaf7e998e7fe9346af84ef10b3b3cf4fa220
- SHA256
  
  ce138a63f09c80680d17b5892a24bb6086e2959b762c1180137da93adbb67e8d
- SHA512
  
  dc27fcc6f28de706ac0e8718a0c5e0d33a937c418bce2e4dff4cd7c9c2876700ff8b380d89be6cb17efbc689aad09aaed63fbfbfbc0563f93584be566a840cb4
- SSDEEP
  
  393216:QEkcqn4gP8AxYDX1+TtIiFvY9Z8D8Ccl6lq2bE0PKksbuK+:Qk44bX71QtI6a8DZcIlq4skBK+
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2