General

  • Target

    pylaAI_fix_v1.exe

  • Size

    18.5MB

  • Sample

    240825-lt52vazcrr

  • MD5

    1b178a4191010fdd67a19dc32d7db289

  • SHA1

    dfdc6a499d3be388d4fc40a9fa34a8a6b077f85a

  • SHA256

    cb55e4ab793155954a8a8e68010460c906d8e3fd6be9f394e3b58977c5350c39

  • SHA512

    f373d8fc2951256a90e33a83cdb650d3cd759df9cdd5e042d1db9ee6502cf4f1f12a0f170f9b76add1f3c1ff63d346f9a3731b46ff271980de51c3c7302f1b02

  • SSDEEP

    393216:kZEkFqn4gP8AxYDX1+TtIiFvY9Z8D8Ccl6lq2FsE3XKE6MWKBx:AN44bX71QtI6a8DZcIlqgsdECKB

Targets

    • Target

      pylaAI_fix_v1.exe

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill entries.

    • Unsecured Credentials: Credentials In Files

      Steals credentials stored in unsecured files.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to determine the infected system's external IP address.

    • Enumerates processes with tasklist
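
The signature list above is the kind of behavioural profile an analyst will want to re-derive from their own endpoint telemetry. The script below is an added example, not the sandbox's own detection logic and not code from the sample: it runs a small rule set modelled on five of the report's signatures (browser credential store reads, wallet file access, startup-folder drops, tasklist spawning, external IP lookup) over constructed sample events and attributes each hit to the acting process. The event field names, the file paths and hostnames in the rules, the escalation threshold in is_stealer_like and the telemetry in SAMPLE_EVENTS are all assumptions chosen to mirror the signature names; they are not artefacts observed from pylaAI_fix_v1.exe.

```python
"""Behavioural triage of endpoint telemetry against signatures named in this
report. Added example; the rules, field names and sample events are assumptions."""
import re
from collections import defaultdict

# Common infostealer targets. Paths are assumptions, not paths observed here.
BROWSER_STORE_RE = re.compile(
    r"\\(Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\.*\\(Login Data|Cookies|Web Data)$"
    r"|\\Mozilla\\Firefox\\Profiles\\[^\\]+\\(logins\.json|key4\.db|cookies\.sqlite)$",
    re.IGNORECASE,
)
WALLET_RE = re.compile(r"\\(Exodus|Electrum|Ethereum\\keystore|Bitcoin)\\|wallet\.dat$|\.wallet\\", re.IGNORECASE)
STARTUP_RE = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.IGNORECASE)
# Legitimate IP lookup services commonly contacted by stealers (assumed list).
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com", "ip-api.com", "ipinfo.io", "checkip.amazonaws.com"}

# CONSTRUCTED sample telemetry in a simplified shape (field names are assumptions).
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Users\victim\Downloads\pylaAI_fix_v1.exe", "parent": "explorer.exe", "cmdline": "pylaAI_fix_v1.exe"},
    {"type": "file", "op": "read", "path": r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data", "process": "pylaAI_fix_v1.exe"},
    {"type": "file", "op": "read", "path": r"C:\Users\victim\AppData\Roaming\Exodus\exodus.wallet\seed.seco", "process": "pylaAI_fix_v1.exe"},
    {"type": "file", "op": "write", "path": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\update.exe", "process": "pylaAI_fix_v1.exe"},
    {"type": "process", "image": r"C:\Windows\System32\tasklist.exe", "parent": "pylaAI_fix_v1.exe", "cmdline": "tasklist /svc"},
    {"type": "network", "host": "api.ipify.org", "process": "pylaAI_fix_v1.exe"},
    {"type": "process", "image": r"C:\Windows\System32\notepad.exe", "parent": "explorer.exe", "cmdline": "notepad.exe"},
]


def basename(path):
    """Last component of a Windows path (the input may already be a bare name)."""
    return path.rsplit("\\", 1)[-1]


def actor_of(event):
    """Process a hit is attributed to: the acting process for file and network
    events, the parent for process-creation events (the spawner of tasklist.exe
    is the suspect, not tasklist.exe itself)."""
    if event["type"] == "process":
        return basename(event["parent"])
    return basename(event["process"])


# (signature name from the report, predicate over one event)
SIGNATURES = [
    ("Reads user/profile data of web browsers",
     lambda e: e["type"] == "file" and e["op"] == "read" and bool(BROWSER_STORE_RE.search(e["path"]))),
    ("Accesses cryptocurrency files/wallets, possible credential harvesting",
     lambda e: e["type"] == "file" and bool(WALLET_RE.search(e["path"]))),
    ("Drops startup file",
     lambda e: e["type"] == "file" and e["op"] == "write" and bool(STARTUP_RE.search(e["path"]))),
    ("Enumerates processes with tasklist",
     lambda e: e["type"] == "process" and basename(e["image"]).lower() == "tasklist.exe"),
    ("Looks up external IP address via web service",
     lambda e: e["type"] == "network" and e["host"].lower() in IP_LOOKUP_HOSTS),
]


def triage(events):
    """Return {process: sorted signature names} for every process with a hit."""
    hits = defaultdict(set)
    for event in events:
        for name, matches in SIGNATURES:
            if matches(event):
                hits[actor_of(event)].add(name)
    return {proc: sorted(names) for proc, names in hits.items()}


def is_stealer_like(signature_names):
    """Escalation rule (an assumption): a credential-theft signature combined
    with a persistence or reconnaissance signature on the same process."""
    theft = {"Reads user/profile data of web browsers",
             "Accesses cryptocurrency files/wallets, possible credential harvesting"}
    support = {"Drops startup file", "Enumerates processes with tasklist",
               "Looks up external IP address via web service"}
    names = set(signature_names)
    return bool(names & theft) and bool(names & support)


if __name__ == "__main__":
    for proc, names in triage(SAMPLE_EVENTS).items():
        verdict = "stealer-like" if is_stealer_like(names) else "low confidence"
        print(f"{proc}: {verdict}")
        for name in names:
            print(f"  - {name}")
```

Attribution goes to the spawning parent for process events so that the tasklist hit lands on the dropper rather than on tasklist.exe, and the escalation rule requires a theft signature plus a supporting one, because tasklist or an IP lookup on its own is routine on many hosts.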

MITRE ATT&CK Enterprise v15
