78ad571d0eadb52b6fce258f3aee050ad5b2eb78e294475260de4486f9283dd0 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Adobe Premier Pro 2024.exe
Size

23.0MB
Sample

240921-xca1xsxbqg
MD5

e65652f5c41c020ef2589655d9ff7518
SHA1

2b7523b09be95c9a0fcbf18ce01fc921e364aff2
SHA256

78ad571d0eadb52b6fce258f3aee050ad5b2eb78e294475260de4486f9283dd0
SHA512

4b26ebab7279e7f72769631d7a9a1e6f477c27f405cb8eecc0c51bc36ef113a26aa68a54fe2e64ea7d8512f93d85bcf848d0b2ef34fc321426a71fee6af83a5d
SSDEEP

393216:xEkQLQtspfkL01+l+uq+Vv2dQ2l6n+9JCKe5rpJttpz6hd4LU/x:xYQtspfQ01+l+uqgv2dQO9JCKe59lAAL

Score

9^/10

credential_access pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  Adobe Premier Pro 2024.exe
- Size
  
  23.0MB
- MD5
  
  e65652f5c41c020ef2589655d9ff7518
- SHA1
  
  2b7523b09be95c9a0fcbf18ce01fc921e364aff2
- SHA256
  
  78ad571d0eadb52b6fce258f3aee050ad5b2eb78e294475260de4486f9283dd0
- SHA512
  
  4b26ebab7279e7f72769631d7a9a1e6f477c27f405cb8eecc0c51bc36ef113a26aa68a54fe2e64ea7d8512f93d85bcf848d0b2ef34fc321426a71fee6af83a5d
- SSDEEP
  
  393216:xEkQLQtspfkL01+l+uq+Vv2dQ2l6n+9JCKe5rpJttpz6hd4LU/x:xYQtspfQ01+l+uqgv2dQO9JCKe59lAAL
Score

9^/10

credential_access spyware stealer
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1
- Target
  
  blxstealer.pyc
- Size
  
  73KB
- MD5
  
  1f42d3132d29b10be8a8d3ba81af70ac
- SHA1
  
  fa7073e7bcb78734260554670bd2e9e8492b023f
- SHA256
  
  230a94b9700d54aca7919d5d64c0916739969e6aeb1c0b46b292c77a1a8f64e6
- SHA512
  
  1d2eb2b0952a241049f53e9ac27285b581ebf3f0ae84e5d86eb6292e706fb2cd52149ec3cc646d9e22eb2c3234efeeceaa8e5c2af4b0cf7f76814dbb88b73076
- SSDEEP
  
  768:n96Ne0pxQRqA38ghMR+46cxTmqtq/QRoXXCQQLuQ7TYZVhHPeMt3w9pFYQep3HWv:96M0pqRk+8TmqVTLVYXlmMt3mYQQW1Oo
Score

3^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessspywarestealer

behavioral2