6c9b9da8e7e6a040ab476d8b05aead171cda1e86a616723fefbd0488b2396f0b | Triage

Sharing

General

Target

Cromus.exe
Size

8.3MB
Sample

240617-f8rvwawfrd
MD5

3766382dff0264991bd5d6b7571e1697
SHA1

54a4a206a24f0ea474797d2541e960689e4943b6
SHA256

6c9b9da8e7e6a040ab476d8b05aead171cda1e86a616723fefbd0488b2396f0b
SHA512

e0883505053ade93a013bc582cea29de9be8f19cafa2fd021a5a128fef8513d05899eccd6a38a28409a6779e02c8fba05c9a38e1c0ab3df3bcfa2b9b01eaab74
SSDEEP

196608:WwUu78K/1+/dQmRJ8dA6l7aycBIGpEGo6hTOv+QKf+bQlRMbTc:tUu7L/edQusl29foWOv+9f

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Cromus.exe
- Size
  
  8.3MB
- MD5
  
  3766382dff0264991bd5d6b7571e1697
- SHA1
  
  54a4a206a24f0ea474797d2541e960689e4943b6
- SHA256
  
  6c9b9da8e7e6a040ab476d8b05aead171cda1e86a616723fefbd0488b2396f0b
- SHA512
  
  e0883505053ade93a013bc582cea29de9be8f19cafa2fd021a5a128fef8513d05899eccd6a38a28409a6779e02c8fba05c9a38e1c0ab3df3bcfa2b9b01eaab74
- SSDEEP
  
  196608:WwUu78K/1+/dQmRJ8dA6l7aycBIGpEGo6hTOv+QKf+bQlRMbTc:tUu7L/edQusl29foWOv+9f
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  cstealer.pyc
- Size
  
  39KB
- MD5
  
  a03051426842272fcd6c500a75261f00
- SHA1
  
  eccccb727231f70bcf942719bc58d652cb2436e5
- SHA256
  
  ef2d73bcc0b022493059e1bd7ed21ef56ed39d087a1dc7712bdca3388d37da3d
- SHA512
  
  01a43f6e01ee9d6929a2853395a06f51cc094ad0601a34fb50cc7ce63bbbeb6341108b6582c162f1af7d07ba538f2ea6cf94d7bbce103113b58269688f7dd09a
- SSDEEP
  
  768:fuqejHJUc4k17WnMAF+5JsylM3jprKBBbxoZUM4PqVfqrY9Wygqxie3HrKl4HYiF:d4ph4kW+JsyC3F6OUM6qVirY9WygWiMP
Score

3^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4