be6385e6cf57460c8fc43cf24e775a5edb99653af6ec0732140ff228532decd9 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

RDR3.zip
Size

22.3MB
Sample

240712-q38asawdjk
MD5

28b0c8519daecebc70ca66f6f096d354
SHA1

9aefc421437f90a2c6e3698d235b6f8b50a970f1
SHA256

be6385e6cf57460c8fc43cf24e775a5edb99653af6ec0732140ff228532decd9
SHA512

b621e8ceaaed7e86277d46ae605c2a9ba3dc7a47f58f8c76822da89ac368a5b551f16fa16a96b3794daae2c074934fff237888ceef524f28370f45631f7b2939
SSDEEP

393216:QTitIi1pifgdLcMEgB4RQfANvUpRhPTo58rgUQ0vTVOl3WN4DtDTArYLLezw:Nz1GgdLcU44CvU9bS88UQ0vUj4i5

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  RDR3.zip
- Size
  
  22.3MB
- MD5
  
  28b0c8519daecebc70ca66f6f096d354
- SHA1
  
  9aefc421437f90a2c6e3698d235b6f8b50a970f1
- SHA256
  
  be6385e6cf57460c8fc43cf24e775a5edb99653af6ec0732140ff228532decd9
- SHA512
  
  b621e8ceaaed7e86277d46ae605c2a9ba3dc7a47f58f8c76822da89ac368a5b551f16fa16a96b3794daae2c074934fff237888ceef524f28370f45631f7b2939
- SSDEEP
  
  393216:QTitIi1pifgdLcMEgB4RQfANvUpRhPTo58rgUQ0vTVOl3WN4DtDTArYLLezw:Nz1GgdLcU44CvU9bS88UQ0vUj4i5
Score

1^/10
behavioral1
- Target
  
  Leia-me - Readme.txt
- Size
  
  220B
- MD5
  
  04febeebdc87b29988e891d25c40cc3a
- SHA1
  
  80cc713b86169ff15c5d3f7cd2b53b612ed9c7c7
- SHA256
  
  b9d3c54768cfff1980bffb2f9d48edeb8eaeb7f37923911ea6d8ba16011bd0d4
- SHA512
  
  8953ffe2171548e5727bf6b8f9a07c68fa14f3c9b25d9d0cbfc5b3476edd99d5cac1536bb0b2708dab59535e53696dc33eb105a82fb907a6bbfb8b742f01ee28
Score

3^/10
behavioral2
- Target
  
  RDR3.exe
- Size
  
  22.5MB
- MD5
  
  019a59e78fbc759af6ab1641614290f6
- SHA1
  
  22075cca659d2a114d3db243cb24b70d0d66204d
- SHA256
  
  2762fa21a57eb2a4fb2555f5a87eac7375e197cb475ed56188107b666a23e122
- SHA512
  
  78947832584574ad0e16f880f60f5f178c7b227b6806c7204ae7231d6ca3c0797592e4c99a5ed3855ea343e097caf04f8cf35db95f3fc2d599b90a7e56128bd8
- SSDEEP
  
  393216:dmZZD1bPmYRQK7+VgvGv67gz7Rblq5L0I2aoaSOVuOPrpJ9yuM6b62ndCQv2x:dmXZbrRQHgizz710tv2uVuC9vtj48
Score

7^/10

pyinstaller spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral3
- Target
  
  blxstealer.pyc
- Size
  
  82KB
- MD5
  
  09449cf086e63f95431d8263065998ff
- SHA1
  
  473f83e8aa59241e40478acaf73e4d2a453f0682
- SHA256
  
  35256f2c74a36325250d79a24acc34f85467f71a8e1e55263a53ac245b61495a
- SHA512
  
  25def5fea87387f10daed089f55945a9b93619c5e5b3e3cf05b5859c539bf4490e86a1778e2486f6b75e1c6b07483c2a9298392427905cc8d8b76199f557c04d
- SSDEEP
  
  1536:W6M0pqRr+7TvbpOK6qwJYDj3813srHOp1Olh:WFV+7TKqtP813sKo
Score

3^/10
behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

pyinstallerspywarestealer

behavioral4