d9f3adff28ab088956d6eeea5b04d8d12fcf8a4b11e15c55e5c8bfe0a934f7ca | Triage

Sharing

General

Target

Dream Advanced.exe
Size

16.2MB
Sample

240527-as1j7aaf29
MD5

a0caa1a41ac394086e60e66c72238228
SHA1

3f1cb07be45e0bd9041aafced97923b2b0dab380
SHA256

d9f3adff28ab088956d6eeea5b04d8d12fcf8a4b11e15c55e5c8bfe0a934f7ca
SHA512

5c61053202d5f9b85f17b39e9b655151ca9f65f13d852f8ee21712e1a1e15f05cff2dd68c26453860b8779a22d721ee06ad1015237789a156c545f7913090589
SSDEEP

393216:GEkcqc4UJWQsUcR4NzK1+TtIiFvY9Z8D8Ccl6l91EfPKksbuKo:Gkz4UYQFS1QtI6a8DZcIlPzkBKo

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Dream Advanced.exe
- Size
  
  16.2MB
- MD5
  
  a0caa1a41ac394086e60e66c72238228
- SHA1
  
  3f1cb07be45e0bd9041aafced97923b2b0dab380
- SHA256
  
  d9f3adff28ab088956d6eeea5b04d8d12fcf8a4b11e15c55e5c8bfe0a934f7ca
- SHA512
  
  5c61053202d5f9b85f17b39e9b655151ca9f65f13d852f8ee21712e1a1e15f05cff2dd68c26453860b8779a22d721ee06ad1015237789a156c545f7913090589
- SSDEEP
  
  393216:GEkcqc4UJWQsUcR4NzK1+TtIiFvY9Z8D8Ccl6l91EfPKksbuKo:Gkz4UYQFS1QtI6a8DZcIlPzkBKo
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2