03cdb29b6e0b1da7038eb0a999f344f797a4d547548dbdb1b565771df30d2b8b | Triage

Resubmissions

29-06-2024 17:44

240629-wbgxeavgnr 8

29-06-2024 17:43

240629-wak8fascjg 3

29-06-2024 17:38

240629-v73y3svgkl 7

29-06-2024 17:37

240629-v68syavgjl 3

29-06-2024 17:31

240629-v3wdfasard 7

29-06-2024 14:11

240629-rhp45sygnh 7

29-06-2024 14:08

240629-rf1svssbnk 3

Sharing

General

Target

Lemotu.rar
Size

19.2MB
Sample

240629-rhp45sygnh
MD5

46d888e464737207c89193ce92ee4014
SHA1

b8dbd0ad6d33f69570609e459bdc646d86fc177a
SHA256

03cdb29b6e0b1da7038eb0a999f344f797a4d547548dbdb1b565771df30d2b8b
SHA512

1de74a63b4cc8e3d978a28215ac8cfa651d2a0212ed92ece6840d3a05a5567f664ca631ee3c00ac4f9a6e828cdc4cea69ce5e6fee97facb17c15f36e01c6691b
SSDEEP

393216:vaZW3Tk17K0YCuMk4zuKluG99o49fAqsW8HE1xFCkpnzAWJAlG:yZ7huMk4qERA4xHsW8WrC6n0WClG

Score

7^/10

persistence privilege_escalation pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Lemotu.rar
- Size
  
  19.2MB
- MD5
  
  46d888e464737207c89193ce92ee4014
- SHA1
  
  b8dbd0ad6d33f69570609e459bdc646d86fc177a
- SHA256
  
  03cdb29b6e0b1da7038eb0a999f344f797a4d547548dbdb1b565771df30d2b8b
- SHA512
  
  1de74a63b4cc8e3d978a28215ac8cfa651d2a0212ed92ece6840d3a05a5567f664ca631ee3c00ac4f9a6e828cdc4cea69ce5e6fee97facb17c15f36e01c6691b
- SSDEEP
  
  393216:vaZW3Tk17K0YCuMk4zuKluG99o49fAqsW8HE1xFCkpnzAWJAlG:yZ7huMk4qERA4xHsW8WrC6n0WClG
Score

7^/10

persistence privilege_escalation pyinstaller spyware stealer
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceprivilege_escalationpyinstallerspywarestealer