c554fc070dc3789736cd885d748631c33a56454a2f950ea913263a8aa36b8ea6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

connection_check.exe
Size

14.8MB
Sample

240513-zm7tradc71
MD5

e39d439440f6d253f9a3ffa2c70a38ed
SHA1

a81a9309687d9b33abf3bf1c7df0eada1159b61b
SHA256

c554fc070dc3789736cd885d748631c33a56454a2f950ea913263a8aa36b8ea6
SHA512

244b1dbd9eeade62bc06b4d801bd1f3be16bae0b8e888aff57a5916fad7a787c72f31a3c49a12e85e0fa1f1c5f73673cc0b5ad1bf9a0c6c31891d37915349097
SSDEEP

393216:UmZZACDxKf7gz7RnL3bYAG0plnzt309EfPKksbuK+:UmXXKEz7BMEln509zkBK+

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  connection_check.exe
- Size
  
  14.8MB
- MD5
  
  e39d439440f6d253f9a3ffa2c70a38ed
- SHA1
  
  a81a9309687d9b33abf3bf1c7df0eada1159b61b
- SHA256
  
  c554fc070dc3789736cd885d748631c33a56454a2f950ea913263a8aa36b8ea6
- SHA512
  
  244b1dbd9eeade62bc06b4d801bd1f3be16bae0b8e888aff57a5916fad7a787c72f31a3c49a12e85e0fa1f1c5f73673cc0b5ad1bf9a0c6c31891d37915349097
- SSDEEP
  
  393216:UmZZACDxKf7gz7RnL3bYAG0plnzt309EfPKksbuK+:UmXXKEz7BMEln509zkBK+
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2