5e7cd5e96ec969b102b5d369d6cfc7df0e03dd57922ef0ec70b89b464f429c39 | Triage

Sharing

General

Target

Xecuter.exe
Size

16.2MB
Sample

240526-p3bfdaeh72
MD5

27c1cd16f572dc734f358de5d85d986e
SHA1

22c9ccba614dbee37b957be59577226e0a052db5
SHA256

5e7cd5e96ec969b102b5d369d6cfc7df0e03dd57922ef0ec70b89b464f429c39
SHA512

c3609c50caa20bb898615ac86e3992cc6afada8e02e59209ddc6a778a9239d541350bc2c15d2209a27a0df72e55b8a1f92d171710101a7056a4749fdd955380e
SSDEEP

393216:1EkcqY49JWQsUcR4NzK1+TtIiFvY9Z8D8Ccl6lnaEfPKksbuK+:1kD49YQFS1QtI6a8DZcIlazkBK+

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Xecuter.exe
- Size
  
  16.2MB
- MD5
  
  27c1cd16f572dc734f358de5d85d986e
- SHA1
  
  22c9ccba614dbee37b957be59577226e0a052db5
- SHA256
  
  5e7cd5e96ec969b102b5d369d6cfc7df0e03dd57922ef0ec70b89b464f429c39
- SHA512
  
  c3609c50caa20bb898615ac86e3992cc6afada8e02e59209ddc6a778a9239d541350bc2c15d2209a27a0df72e55b8a1f92d171710101a7056a4749fdd955380e
- SSDEEP
  
  393216:1EkcqY49JWQsUcR4NzK1+TtIiFvY9Z8D8Ccl6lnaEfPKksbuK+:1kD49YQFS1QtI6a8DZcIlazkBK+
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1