3686a006927fd98b51b502ca8b87d9299f81cc8181885cf031e810c78dffacef | Triage

Sharing

Copy URL Twitter E-mail

General

Target

happymod.exe
Size

15.3MB
Sample

241012-s6vj7ssekq
MD5

3530afac677c165ac697bf202b94974f
SHA1

8cc39672853c7b5bd5ed717ea62fe5ccb680a62a
SHA256

3686a006927fd98b51b502ca8b87d9299f81cc8181885cf031e810c78dffacef
SHA512

cd089a7436f6c758b84a33f1315637d724b8c5ca5371587b72210073833b9c94a9c658d35e61e54b5f0cec827b931764251d78c73719bbbf4ae578ddb5f9c720
SSDEEP

393216:MGV2+W80YTjgpgPYVnNSMF1+TtIiFQSUau50KNsIyQKRmd:LPW80YvgpgPQH1QtIma50RI3d

Score

7^/10

discovery pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  happymod.exe
- Size
  
  15.3MB
- MD5
  
  3530afac677c165ac697bf202b94974f
- SHA1
  
  8cc39672853c7b5bd5ed717ea62fe5ccb680a62a
- SHA256
  
  3686a006927fd98b51b502ca8b87d9299f81cc8181885cf031e810c78dffacef
- SHA512
  
  cd089a7436f6c758b84a33f1315637d724b8c5ca5371587b72210073833b9c94a9c658d35e61e54b5f0cec827b931764251d78c73719bbbf4ae578ddb5f9c720
- SSDEEP
  
  393216:MGV2+W80YTjgpgPYVnNSMF1+TtIiFQSUau50KNsIyQKRmd:LPW80YvgpgPQH1QtIma50RI3d
Score

7^/10

discovery spyware stealer
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

discoveryspywarestealer