dffba69b5e90e2b7972b960e1622759abf1f295f11b641c1970d56132f4fed56 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

dx9.exe

windows10-1703-x64

7

cstealer.pyc

windows10-1703-x64

3

Sharing

General

Target

dx9.exe
Size

16.6MB
Sample

240525-saj4lagg62
MD5

73c79a827664c524980f8091331bc214
SHA1

588ca896dc941b9772c78c40a5a8dd6e10f460c3
SHA256

dffba69b5e90e2b7972b960e1622759abf1f295f11b641c1970d56132f4fed56
SHA512

577ae52627692358c5f422ae1b0cf81b2065f31fd05f95f1dd8b27f361df1ea414122deef179c5a307ba918aecd7544d85b0728bf758aa8f329fc4e3ed3397e5
SSDEEP

196608:hhSLEkv0sKYu/PaQtsI9OL4FMIZETSRjPePdrQJM9WKbAB/rOQjznPOzx5dy/ysW:sEkZQtsTQETSRvJQ7MrLzG/dSmv/

Score

7^/10

pyinstaller spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

dx9.exe

Resource

win10-20240404-en

spyware stealer

windows10-1703-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

cstealer.pyc

Resource

win10-20240404-en

windows10-1703-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  dx9.exe
- Size
  
  16.6MB
- MD5
  
  73c79a827664c524980f8091331bc214
- SHA1
  
  588ca896dc941b9772c78c40a5a8dd6e10f460c3
- SHA256
  
  dffba69b5e90e2b7972b960e1622759abf1f295f11b641c1970d56132f4fed56
- SHA512
  
  577ae52627692358c5f422ae1b0cf81b2065f31fd05f95f1dd8b27f361df1ea414122deef179c5a307ba918aecd7544d85b0728bf758aa8f329fc4e3ed3397e5
- SSDEEP
  
  196608:hhSLEkv0sKYu/PaQtsI9OL4FMIZETSRjPePdrQJM9WKbAB/rOQjznPOzx5dy/ysW:sEkZQtsTQETSRvJQ7MrLzG/dSmv/
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  cstealer.pyc
- Size
  
  75KB
- MD5
  
  5439ffd9b4954896b05b13d9a54ec999
- SHA1
  
  cce6a497faa806d3cb2f3fb10e26e34ea33729b6
- SHA256
  
  d5d9c56e01e0275793489d298b7880548ed357e50767492e369bd5b622318e10
- SHA512
  
  baecb6b5cff7ae658d8472bac0985c956f2432afb6cc1b338663c6f71731ec0e28ec1ba3bdc7092c29f64d27c2e02232cf51453bd3b60e2ecdb745e3549463a2
- SSDEEP
  
  1536:DvIiOtb253vkwsJlYaa2Is8qRai+joMFpuP4grrRheEX:DvQW9t2Is8H6MeP4grrRnX
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy