058fce2fe5bb317ced7b2e0643d401334883a65535fc836eb87163c70f8b41e4

General

Target

PAP46E1UkZ.exe
Size

18.4MB
Sample

240714-t53d4a1cqe
MD5

5330c044e4e55defd10e4d9a5afc31f6
SHA1

4737ddd6a00640a0c668da49448f6078eb8a57f8
SHA256

058fce2fe5bb317ced7b2e0643d401334883a65535fc836eb87163c70f8b41e4
SHA512

65aa4688e92de9340792d7602ba5c91172d20a3b084835864b30f1ea335257ec32f7bb209edcc3a5bb8fe1961a05b73f7c2dbe539f41d445913a0654dff20a20
SSDEEP

393216:gEkULrpBcrouidQuslrfrAZYCuPJO8z19P2uDW8B3+d9vkegyra51XL:g85BmotdQu4MJuxZz1RbW8BOd9vkzF5x

Score

8^/10

Malware Config

Targets

- Target
  
  PAP46E1UkZ.exe
- Size
  
  18.4MB
- MD5
  
  5330c044e4e55defd10e4d9a5afc31f6
- SHA1
  
  4737ddd6a00640a0c668da49448f6078eb8a57f8
- SHA256
  
  058fce2fe5bb317ced7b2e0643d401334883a65535fc836eb87163c70f8b41e4
- SHA512
  
  65aa4688e92de9340792d7602ba5c91172d20a3b084835864b30f1ea335257ec32f7bb209edcc3a5bb8fe1961a05b73f7c2dbe539f41d445913a0654dff20a20
- SSDEEP
  
  393216:gEkULrpBcrouidQuslrfrAZYCuPJO8z19P2uDW8B3+d9vkegyra51XL:g85BmotdQu4MJuxZz1RbW8BOd9vkzF5x
Score

8^/10

evasion execution persistence privilege_escalation pyinstaller spyware stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  WindowsLibrary.pyc
- Size
  
  29KB
- MD5
  
  b91666add06b13c7b0ba7c4fe3fce118
- SHA1
  
  389aafc48c69721cbb735ef966ed6fa1d94476dc
- SHA256
  
  0dd207bf0ed7c9a23bf0b3d083bca6afa0993951984527c6301514b3288e0148
- SHA512
  
  dbfe393069a2bd795510ceea577d3751163949db67d759d507cd06ef5b74a941699d6c3e03ebd3799c034abe740764a3d15d5da8d87e792faee803239e21f7de
- SSDEEP
  
  768:08MiJNhnpZopVFcUiRNw9pJM6fL8WW5f5w7ZaZVOkybDR42:08MivP6zFcRLw9pJPWf5w7SYkyb
Score

3^/10
behavioral3 behavioral4