a6c4bfbdba32fb8e2612c48430955a0da3e3cebcbaa31a9c58c1f41a54a2a5ef | Triage

Sharing

General

Target

Glitchroll_V2.exe
Size

9.6MB
Sample

240609-kkp4lagh99
MD5

3b43f8c06374f713c0a70a40aecde8be
SHA1

85bb3c4788f6c8430ade45c24a5d752079cd87e8
SHA256

a6c4bfbdba32fb8e2612c48430955a0da3e3cebcbaa31a9c58c1f41a54a2a5ef
SHA512

04c05fce1f974f2546b0e1552b586970bdd72a2b9cafaccfc991cbc32b753d16c333ea76497b82e3a7fb6be284752dc908363179c07f793819c6d30a0e84e257
SSDEEP

196608:Vp+hUICteEroXxqENE+sKsXXgN/1q3+dgSKkzL0W8/Laz2Niix5wDNPK:LInEroXjsKkXgHq3+d9/kW8S2ZUNy

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Glitchroll_V2.exe
- Size
  
  9.6MB
- MD5
  
  3b43f8c06374f713c0a70a40aecde8be
- SHA1
  
  85bb3c4788f6c8430ade45c24a5d752079cd87e8
- SHA256
  
  a6c4bfbdba32fb8e2612c48430955a0da3e3cebcbaa31a9c58c1f41a54a2a5ef
- SHA512
  
  04c05fce1f974f2546b0e1552b586970bdd72a2b9cafaccfc991cbc32b753d16c333ea76497b82e3a7fb6be284752dc908363179c07f793819c6d30a0e84e257
- SSDEEP
  
  196608:Vp+hUICteEroXxqENE+sKsXXgN/1q3+dgSKkzL0W8/Laz2Niix5wDNPK:LInEroXjsKkXgHq3+d9/kW8S2ZUNy
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1