859f1686da77121c84375c946294915ff7e89452ed728737a66c744e3cab68dc | Triage

Submit
Reports

Overview

overview

8

Static

static

1

sample.html

windows11-21h2-x64

8

Sharing

General

Target

sample
Size

522KB
Sample

241023-swjd7azajp
MD5

99f111b1f63035345dc19465df38476a
SHA1

93aa558e3373a009fc0ec03d365d142eb8fca2d3
SHA256

859f1686da77121c84375c946294915ff7e89452ed728737a66c744e3cab68dc
SHA512

8daea2c8156c704a5d14c5d9b8f7a0d0454028969500560cee6d299cafb152b0e9fb2ff8af0652a0aebea0103b39ddaf0df3b120abee51d48adda340b8f54f39
SSDEEP

6144:Da7n0fn0fJ0fm0f/0fM0f00fq0fH0fX0f+lPsz:DUn0P0h0O0X0E0c0y0f0v0GlPe

Score

8^/10

credential_access defense_evasion discovery pyinstaller spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

sample.html

Resource

win11-20241007-en

credential_access defense_evasion discovery pyinstaller spyware stealer

windows11-21h2-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  sample
- Size
  
  522KB
- MD5
  
  99f111b1f63035345dc19465df38476a
- SHA1
  
  93aa558e3373a009fc0ec03d365d142eb8fca2d3
- SHA256
  
  859f1686da77121c84375c946294915ff7e89452ed728737a66c744e3cab68dc
- SHA512
  
  8daea2c8156c704a5d14c5d9b8f7a0d0454028969500560cee6d299cafb152b0e9fb2ff8af0652a0aebea0103b39ddaf0df3b120abee51d48adda340b8f54f39
- SSDEEP
  
  6144:Da7n0fn0fJ0fm0f/0fM0f00fq0fH0fX0f+lPsz:DUn0P0h0O0X0E0c0y0f0v0GlPe
Score

8^/10

credential_access defense_evasion discovery pyinstaller spyware stealer
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdefense_evasiondiscoverypyinstallerspywarestealer

© 2018-2024

Terms | Privacy