873e38a26e2f530ae512aae20e42bd611cd72ad7e1796aa1d1d6832679be938e | Triage

Submit
Reports

Overview

overview

9

Static

static

3

Spoofer.exe

windows10-1703-x64

9

Sharing

General

Target

Spoofer.exe
Size

10.3MB
Sample

240727-lg9t9szhnl
MD5

4f8a0da4c9fd2aa83a2d5b6c70eb067b
SHA1

f9666cfc362bb6a193cd36e52068101fe1f92401
SHA256

873e38a26e2f530ae512aae20e42bd611cd72ad7e1796aa1d1d6832679be938e
SHA512

166ff8a648b85dd84fe73d9c6aafc639cbf5644681ad6c0ed50f231e7b32dc240781f3b34676a21a5abdeab79a4252e9570c7716c49656801a4612190ae6877b
SSDEEP

196608:gwUEkYcowuLIRBA1HeT39Iigwh1ncKOVVtc97tqtQ1NjOx74U:AEkYcXxq1+TtIiFv0VQxg6Cl

Score

9^/10

credential_access discovery pyinstaller spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Spoofer.exe

Resource

win10-20240404-en

credential_access discovery spyware stealer

windows10-1703-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  Spoofer.exe
- Size
  
  10.3MB
- MD5
  
  4f8a0da4c9fd2aa83a2d5b6c70eb067b
- SHA1
  
  f9666cfc362bb6a193cd36e52068101fe1f92401
- SHA256
  
  873e38a26e2f530ae512aae20e42bd611cd72ad7e1796aa1d1d6832679be938e
- SHA512
  
  166ff8a648b85dd84fe73d9c6aafc639cbf5644681ad6c0ed50f231e7b32dc240781f3b34676a21a5abdeab79a4252e9570c7716c49656801a4612190ae6877b
- SSDEEP
  
  196608:gwUEkYcowuLIRBA1HeT39Iigwh1ncKOVVtc97tqtQ1NjOx74U:AEkYcXxq1+TtIiFv0VQxg6Cl
Score

9^/10

credential_access discovery spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoveryspywarestealer

© 2018-2024

Terms | Privacy