9e5798afe89c25a0fed8eb9e523b75adeb77e88bf99ad5bedfb64ce0e71a4214 | Triage

Sharing

General

Target

gJbbweI.exe
Size

22.7MB
Sample

240526-rtms6ahe5w
MD5

dffac018eb176b21b939bbbc3655bc97
SHA1

65f47050ec235b0ffd7256c91db24320615dd441
SHA256

9e5798afe89c25a0fed8eb9e523b75adeb77e88bf99ad5bedfb64ce0e71a4214
SHA512

4046302eefa4b81fbb516b813c495bd1f6fb2b0032f94ffa477f33658b6ee1bd00008743bdbc15558ca000e8080c087a503e364831dcf8e37aede1d4864ecf30
SSDEEP

393216:1RIQtsuZYYJWQsUcR4NzK1+TtIiFDCuARuAQhFXmFXcDEWq60gMY8fC:bIQtsgYYYQFS1QtI+CuAghKYE73gJ86

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  gJbbweI.exe
- Size
  
  22.7MB
- MD5
  
  dffac018eb176b21b939bbbc3655bc97
- SHA1
  
  65f47050ec235b0ffd7256c91db24320615dd441
- SHA256
  
  9e5798afe89c25a0fed8eb9e523b75adeb77e88bf99ad5bedfb64ce0e71a4214
- SHA512
  
  4046302eefa4b81fbb516b813c495bd1f6fb2b0032f94ffa477f33658b6ee1bd00008743bdbc15558ca000e8080c087a503e364831dcf8e37aede1d4864ecf30
- SSDEEP
  
  393216:1RIQtsuZYYJWQsUcR4NzK1+TtIiFDCuARuAQhFXmFXcDEWq60gMY8fC:bIQtsgYYYQFS1QtI+CuAghKYE73gJ86
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2