6735843446f82faa6119e693ec4b2d8f287a312c1dd6a0c2350abc4825cfd974 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Browser.exe
Size

106.5MB
Sample

240604-nrwrhafd27
MD5

6b9ddc020230994f58265298f992ab3e
SHA1

6b2385833bd6d40ae58b8443a4538a17f8a8b92a
SHA256

6735843446f82faa6119e693ec4b2d8f287a312c1dd6a0c2350abc4825cfd974
SHA512

9212fc1675f7b26f9432f3da1668eb2c5aa46669b7a30b8224b2f36c023bfd790b5078af6eb77359a081d9265ec938a87386c1f0989702a36bb3834a9dfaf654
SSDEEP

3145728:9/dukp4gwPvP+4tG5YwUSC++uy65C4H0jpJEQ6:9EJgwPXjtGagCMy2CY0jTEQ

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Browser.exe
- Size
  
  106.5MB
- MD5
  
  6b9ddc020230994f58265298f992ab3e
- SHA1
  
  6b2385833bd6d40ae58b8443a4538a17f8a8b92a
- SHA256
  
  6735843446f82faa6119e693ec4b2d8f287a312c1dd6a0c2350abc4825cfd974
- SHA512
  
  9212fc1675f7b26f9432f3da1668eb2c5aa46669b7a30b8224b2f36c023bfd790b5078af6eb77359a081d9265ec938a87386c1f0989702a36bb3834a9dfaf654
- SSDEEP
  
  3145728:9/dukp4gwPvP+4tG5YwUSC++uy65C4H0jpJEQ6:9EJgwPXjtGagCMy2CY0jTEQ
Score

7^/10

spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2