53245c0db33c4f8bab442ea125c58e50408796242462f81ed5bbef9d32f05352 | Triage

Sharing

General

Target

spoofer.exe
Size

16.6MB
Sample

240527-ak48eaac46
MD5

aaae9af892545b725f17b2234817fccc
SHA1

2cf5e4044bbc84f8d1898a9a9f71c7937bf876d5
SHA256

53245c0db33c4f8bab442ea125c58e50408796242462f81ed5bbef9d32f05352
SHA512

864a9d07e2880564ce97a52298b5a82aa15d968a5d2d512700f3c9b6de2c7da8e5b86a64106e9bb2d489aff1a302389d8eb7186ce7d94d03e4267ecd9b224708
SSDEEP

393216:CEkFqY49JWQsUcR4NzK1+TtIiFvY9Z8D8Ccl6lntEwPKksutK+:CND49YQFS1QtI6a8DZcIlt8kvK+

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  spoofer.exe
- Size
  
  16.6MB
- MD5
  
  aaae9af892545b725f17b2234817fccc
- SHA1
  
  2cf5e4044bbc84f8d1898a9a9f71c7937bf876d5
- SHA256
  
  53245c0db33c4f8bab442ea125c58e50408796242462f81ed5bbef9d32f05352
- SHA512
  
  864a9d07e2880564ce97a52298b5a82aa15d968a5d2d512700f3c9b6de2c7da8e5b86a64106e9bb2d489aff1a302389d8eb7186ce7d94d03e4267ecd9b224708
- SSDEEP
  
  393216:CEkFqY49JWQsUcR4NzK1+TtIiFvY9Z8D8Ccl6lntEwPKksutK+:CND49YQFS1QtI6a8DZcIlt8kvK+
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  creal.pyc
- Size
  
  64KB
- MD5
  
  d8cd9403e6a921255a8445ff764c5462
- SHA1
  
  ffb521167871584ede34ad1d58d4c271fe7d2efc
- SHA256
  
  1bb6a413a556047809939bffaacb98796d1f94645d7341d8afe4bb0262e3f0bc
- SHA512
  
  81c714a00e5d89aec7da216181b25ca7d71e606792e8aa18af837c083c070d40f42843ef2ede8a214a26840be60c90b292770a1c56f3fdbc6276d2d7217a467f
- SSDEEP
  
  1536:7Tr7e+0Ql9pObo8BHWftXASFW08VgeOR2es:7TLYbo8B2VXASNMgeORk
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Process Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2