Overview

overview

7

Static

static

3

Ethereal.exe

windows7-x64

7

Ethereal.exe

windows10-2004-x64

7

cstealer.pyc

windows7-x64

3

cstealer.pyc

windows10-2004-x64

3

Resubmissions

28-05-2024 08:41

240528-klen9adh94 7

28-05-2024 08:34

240528-kgp97acg2z 7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Ethereal.exe

  • Size

    11.1MB

  • Sample

    240528-klen9adh94

  • MD5

    378e476a483942485b9fc91c45a352f2

  • SHA1

    54860021523e00f1dfc6bfb887a51c5b987ff56d

  • SHA256

    9fc4e43929368cd9f3fff81b94d9a3fc5f9f4035f1e11ba7a16763ab4d1d9d2a

  • SHA512

    c9d048603b6c84d552fc40a8932e6f24f13034af92c6e0b772c91525bb000dd5401ec4e1edf0a6cc9ec94d54beeed06672e25fd18c7baa6ed9b8854a95123fd8

  • SSDEEP

    196608:AhCvzCEkfGJdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMf8X/O2hGQfkdoyKh:FCEkfG4q1+TtIiFUY9Z8D8CcldloNhNV

Score
7/10
pyinstallerspywarestealer

Malware Config

Targets

    • Target

      Ethereal.exe

    • Size

      11.1MB

    • MD5

      378e476a483942485b9fc91c45a352f2

    • SHA1

      54860021523e00f1dfc6bfb887a51c5b987ff56d

    • SHA256

      9fc4e43929368cd9f3fff81b94d9a3fc5f9f4035f1e11ba7a16763ab4d1d9d2a

    • SHA512

      c9d048603b6c84d552fc40a8932e6f24f13034af92c6e0b772c91525bb000dd5401ec4e1edf0a6cc9ec94d54beeed06672e25fd18c7baa6ed9b8854a95123fd8

    • SSDEEP

      196608:AhCvzCEkfGJdqBA1HeT39IigwdeE9TFa0Z8DOjCdylLhYMf8X/O2hGQfkdoyKh:FCEkfG4q1+TtIiFUY9Z8D8CcldloNhNV

    Score
    7/10
    spywarestealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

    • Target

      cstealer.pyc

    • Size

      67KB

    • MD5

      036d49d6b35dfb6f43e6ce66f6cb329b

    • SHA1

      d5dd66bbb5edaac5576e640af3c04c938052577d

    • SHA256

      85689213b1f1c5341f004a21795ed7ec063e1805d41dc7716fc5367ed6053943

    • SHA512

      b86d6cc29691d46d625924b4528cd174bdf9f2060a82028c2a88baa0567796c40179566324b37006515c66698f441e89c17f561da8ea431970940f937ff8d7c9

    • SSDEEP

      1536:l0xqOgTxpqBJlMstbo88jLQQcXf9qS0Vr+LRheG:lqc/+bo88PiXX0r+LRP

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Resource Development

Reconnaissance

Tasks