f4aa32abcfdc7c4fe78f8a16b7b20e48f03ed80de79981f61b5218240ce8512c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sex.exe
Size

35.2MB
Sample

240614-xqn5psself
MD5

14f200cae87102801fdd96b86fdc8786
SHA1

698d8b191bcb174f965d3d31f012d673965aa8a1
SHA256

f4aa32abcfdc7c4fe78f8a16b7b20e48f03ed80de79981f61b5218240ce8512c
SHA512

d2fee11f61e2ce1a3b4253027337bf1b97e1bd2af39ee1e6527e13f2cb4d65c6c19a4c150a034b4edb6adedbf8dc9fe204b2cb942632d32279d81f4d04d426ad
SSDEEP

786432:L3IQts2Y2GvSXgbJPVFfdoeUEouf9PgFd16B4OQ:0QtxY2G6XgbJPDfJokFqd16BR

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  sex.exe
- Size
  
  35.2MB
- MD5
  
  14f200cae87102801fdd96b86fdc8786
- SHA1
  
  698d8b191bcb174f965d3d31f012d673965aa8a1
- SHA256
  
  f4aa32abcfdc7c4fe78f8a16b7b20e48f03ed80de79981f61b5218240ce8512c
- SHA512
  
  d2fee11f61e2ce1a3b4253027337bf1b97e1bd2af39ee1e6527e13f2cb4d65c6c19a4c150a034b4edb6adedbf8dc9fe204b2cb942632d32279d81f4d04d426ad
- SSDEEP
  
  786432:L3IQts2Y2GvSXgbJPVFfdoeUEouf9PgFd16B4OQ:0QtxY2G6XgbJPDfJokFqd16BR
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1