cd6895d9d9102ea27dac2c4208dacb42efe9a21960e5794880c211726ecf3e6e | Triage

Sharing

General

Target

2024-06-07_56a61ec905a38e792f1f9a8dda82a481_ryuk
Size

30.4MB
Sample

240607-hpnefsda87
MD5

56a61ec905a38e792f1f9a8dda82a481
SHA1

da90c55e522b6be898c50c803ff6c28ccf93f456
SHA256

cd6895d9d9102ea27dac2c4208dacb42efe9a21960e5794880c211726ecf3e6e
SHA512

df593826009da836bcefa9353275d6ff5d728984ccf759f9c92e423778b8aec20adf2adca2e6c1e9f872c0f33978b5060554b1f24128cf9052ed3be4aacf1103
SSDEEP

786432:BYUbmEhkUXAF9nysQpr+kYAdZk+tN3DImWX:GUyE1XK9ntDkykE

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  2024-06-07_56a61ec905a38e792f1f9a8dda82a481_ryuk
- Size
  
  30.4MB
- MD5
  
  56a61ec905a38e792f1f9a8dda82a481
- SHA1
  
  da90c55e522b6be898c50c803ff6c28ccf93f456
- SHA256
  
  cd6895d9d9102ea27dac2c4208dacb42efe9a21960e5794880c211726ecf3e6e
- SHA512
  
  df593826009da836bcefa9353275d6ff5d728984ccf759f9c92e423778b8aec20adf2adca2e6c1e9f872c0f33978b5060554b1f24128cf9052ed3be4aacf1103
- SSDEEP
  
  786432:BYUbmEhkUXAF9nysQpr+kYAdZk+tN3DImWX:GUyE1XK9ntDkykE
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2