9d70292d24d388691e1d0a8df29be1d1cc15317922494f5498c32353b9c01bd3 | Triage

Sharing

General

Target

KEtamineV2.exe
Size

10.2MB
Sample

240525-x97fdsga62
MD5

c5a1640414856e85667460c0505f3407
SHA1

c0864e40a12ed6f45f9fb6731654a0e9285a8bec
SHA256

9d70292d24d388691e1d0a8df29be1d1cc15317922494f5498c32353b9c01bd3
SHA512

ebcc962a6653be0a0646bdeab56c695f5936f0950b88bd466eb97590b83cbed59bf528f16fff24b79faf5cc32373335e86a1a6b517a8c51e5a8fc8ce5457cffb
SSDEEP

196608:5hoKHEkfcdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMfEGQfk4oXKh:XEkfc4q1+TtIiFUY9Z8D8CcldlsNyXKh

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  KEtamineV2.exe
- Size
  
  10.2MB
- MD5
  
  c5a1640414856e85667460c0505f3407
- SHA1
  
  c0864e40a12ed6f45f9fb6731654a0e9285a8bec
- SHA256
  
  9d70292d24d388691e1d0a8df29be1d1cc15317922494f5498c32353b9c01bd3
- SHA512
  
  ebcc962a6653be0a0646bdeab56c695f5936f0950b88bd466eb97590b83cbed59bf528f16fff24b79faf5cc32373335e86a1a6b517a8c51e5a8fc8ce5457cffb
- SSDEEP
  
  196608:5hoKHEkfcdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMfEGQfk4oXKh:XEkfc4q1+TtIiFUY9Z8D8CcldlsNyXKh
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3
- Target
  
  cstealer.pyc
- Size
  
  67KB
- MD5
  
  be2e2102253d18056ee313be704aa68c
- SHA1
  
  b6b10afc11bd8e5342ddd7226d57c04c35bc7859
- SHA256
  
  9fe66fcd864ed23290d48d9c0c712c6bd6cc1e8606837c3c4daed8e1a8e1deec
- SHA512
  
  5c62522917b984e552a5e4a6ab51ec648c47521c204a0015e10ebeb4bc40126b24908d95cee633b03917d87d6f034f851d4641d544cc0e760d128d6c51de9cb8
- SSDEEP
  
  1536:l0xqOgVxpqBJlMstbo88jLQQcXf9qS0Vr+LRheG:lqC/+bo88PiXX0r+LRP
Score

3^/10
behavioral4 behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6