af996e9181ac2eeceb27c65b213999305ca4985201f96e5363683c6adaa4cef6 | Triage

Sharing

General

Target

G5HQtnj.exe
Size

11.2MB
Sample

240521-sj77saab4w
MD5

0be4e272300eb9fc19e55bf31bdf59d7
SHA1

9111b184fd031d02f0285c4136376c2e5ad55851
SHA256

af996e9181ac2eeceb27c65b213999305ca4985201f96e5363683c6adaa4cef6
SHA512

bacb3edb1b6e68d27ac1f4bc890a95175beeb0282199ba5b82604651b2d150a305c7cb4d55c39b8775b2d86ccc70b3ba5479f85dfb7a7dd21ff332d388f8fdd8
SSDEEP

196608:fhY15EkfbLdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMfnX/O2xGQfkdoXKh:IEkfbL4q1+TtIiFUY9Z8D8CcldlXNxNU

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  G5HQtnj.exe
- Size
  
  11.2MB
- MD5
  
  0be4e272300eb9fc19e55bf31bdf59d7
- SHA1
  
  9111b184fd031d02f0285c4136376c2e5ad55851
- SHA256
  
  af996e9181ac2eeceb27c65b213999305ca4985201f96e5363683c6adaa4cef6
- SHA512
  
  bacb3edb1b6e68d27ac1f4bc890a95175beeb0282199ba5b82604651b2d150a305c7cb4d55c39b8775b2d86ccc70b3ba5479f85dfb7a7dd21ff332d388f8fdd8
- SSDEEP
  
  196608:fhY15EkfbLdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMfnX/O2xGQfkdoXKh:IEkfbL4q1+TtIiFUY9Z8D8CcldlXNxNU
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1