7e93f70c5d575129af4892cfaae4f5a9790b20bd3fcdd97d002e53b8c2f3e496 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

main.exe
Size

12.4MB
Sample

240929-jtyxesvgkr
MD5

9cf9cfabe8fc31171c6a5c2975a0a7ff
SHA1

49952dc5e67423fa3a657de5913e0cae7c20d86b
SHA256

7e93f70c5d575129af4892cfaae4f5a9790b20bd3fcdd97d002e53b8c2f3e496
SHA512

4489fd3b257a7caf519477a84c30d3487d368c789dfdeb159e0890975b44fd7f4aac7fd36a2d54418c0fa88a7a0b1c97a042edfc8426de0e75b28cd68648e154
SSDEEP

196608:/ppcuowuLI+lA1HeT39Iigwo1ncKOVVtaSE37RNj2tkc7tQTNajlTe0E5vxTIFxX:HcAeu1+TtIiFE0V7Cj9m6cjM0E5ILD

Score

7^/10

pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  main.exe
- Size
  
  12.4MB
- MD5
  
  9cf9cfabe8fc31171c6a5c2975a0a7ff
- SHA1
  
  49952dc5e67423fa3a657de5913e0cae7c20d86b
- SHA256
  
  7e93f70c5d575129af4892cfaae4f5a9790b20bd3fcdd97d002e53b8c2f3e496
- SHA512
  
  4489fd3b257a7caf519477a84c30d3487d368c789dfdeb159e0890975b44fd7f4aac7fd36a2d54418c0fa88a7a0b1c97a042edfc8426de0e75b28cd68648e154
- SSDEEP
  
  196608:/ppcuowuLI+lA1HeT39Iigwo1ncKOVVtaSE37RNj2tkc7tQTNajlTe0E5vxTIFxX:HcAeu1+TtIiFE0V7Cj9m6cjM0E5ILD
Score

7^/10

spyware stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1