c349c6f267b577de6da6b6ac8fc5d4e263687942b8ce6210bc2c83efbfbe5632 | Triage

Sharing

General

Target

cstealer.exe
Size

21.4MB
Sample

240606-kmnzbaca3t
MD5

3a1194d443df0e5400c398e5b8c7d848
SHA1

4409b80d7ec6d696fbc5963dc45288b329a347ec
SHA256

c349c6f267b577de6da6b6ac8fc5d4e263687942b8ce6210bc2c83efbfbe5632
SHA512

2f969fa7372b644dcf56a815508b23860f2651ec9085d9e64ab44dcf30f085308891cc82d907e54fef04d366127beb392e9dcac4ab7b225b97cefd712e91f248
SSDEEP

393216:oEkZQtsPNZTJWQsUcR4NznW+eGQRRn/ikWMW49yQiYrqE6d3dc5aYv/:ohQts/YQFPW+e5R9qPk7iYe5O5aE

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  cstealer.exe
- Size
  
  21.4MB
- MD5
  
  3a1194d443df0e5400c398e5b8c7d848
- SHA1
  
  4409b80d7ec6d696fbc5963dc45288b329a347ec
- SHA256
  
  c349c6f267b577de6da6b6ac8fc5d4e263687942b8ce6210bc2c83efbfbe5632
- SHA512
  
  2f969fa7372b644dcf56a815508b23860f2651ec9085d9e64ab44dcf30f085308891cc82d907e54fef04d366127beb392e9dcac4ab7b225b97cefd712e91f248
- SSDEEP
  
  393216:oEkZQtsPNZTJWQsUcR4NznW+eGQRRn/ikWMW49yQiYrqE6d3dc5aYv/:ohQts/YQFPW+e5R9qPk7iYe5O5aE
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2