2177b545fb5cf6551b0ab3712b906360452f09a91eade477c19e0524ed2edb4d | Triage

Sharing

General

Target

ReShadeSetup.exe
Size

26.4MB
Sample

240512-ye866sgb73
MD5

45e3752e45783970e8147d5be54eb354
SHA1

f074c6e9825fcb554ac6b63eea3e870cf8114c86
SHA256

2177b545fb5cf6551b0ab3712b906360452f09a91eade477c19e0524ed2edb4d
SHA512

db5a03ab4bd0e6d76cc12f6f8394b53a2ec5ee755e39cbdbe054770f50b88e8dcdc4a1c77ef9292fea6c76e3eea11ef01aac863bd965e49684ec28e7d6b5c6b7
SSDEEP

786432:LrJioW+e5RY2j6+s7LWB75zupeoztZ026e5g8QT:VW+eHY2qHWB75ip509

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  ReShadeSetup.exe
- Size
  
  26.4MB
- MD5
  
  45e3752e45783970e8147d5be54eb354
- SHA1
  
  f074c6e9825fcb554ac6b63eea3e870cf8114c86
- SHA256
  
  2177b545fb5cf6551b0ab3712b906360452f09a91eade477c19e0524ed2edb4d
- SHA512
  
  db5a03ab4bd0e6d76cc12f6f8394b53a2ec5ee755e39cbdbe054770f50b88e8dcdc4a1c77ef9292fea6c76e3eea11ef01aac863bd965e49684ec28e7d6b5c6b7
- SSDEEP
  
  786432:LrJioW+e5RY2j6+s7LWB75zupeoztZ026e5g8QT:VW+eHY2qHWB75ip509
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1