260fcf9733fa7905b81354bc118d3e6c11ea4a54f920ef34aa2e803c7bc1ba4d | Triage

Sharing

General

Target

downloader.exe
Size

10.2MB
Sample

241101-wr9mcsvnhj
MD5

05c64eeb6fe8600656330ea595fa679f
SHA1

60db9291852c7382e5dca7efce19b7d66323bb59
SHA256

260fcf9733fa7905b81354bc118d3e6c11ea4a54f920ef34aa2e803c7bc1ba4d
SHA512

50fe677bfca452a4df831c2dd881d482aa519be0005f8a392d527de450ce34c55505c30140ad1272b411d1091db8fe22f1d5d17aa4a8c0638528f0ecfc6de914
SSDEEP

196608:5p9Yi031kb5RiJQ1W903eV4QRM993iObMAR1jQmGYuuLmAvJ1PaIU:v9Yi82F5W+eGQRe93iObLRS/MLRvJvU

Score

7^/10

credential_access discovery pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  downloader.exe
- Size
  
  10.2MB
- MD5
  
  05c64eeb6fe8600656330ea595fa679f
- SHA1
  
  60db9291852c7382e5dca7efce19b7d66323bb59
- SHA256
  
  260fcf9733fa7905b81354bc118d3e6c11ea4a54f920ef34aa2e803c7bc1ba4d
- SHA512
  
  50fe677bfca452a4df831c2dd881d482aa519be0005f8a392d527de450ce34c55505c30140ad1272b411d1091db8fe22f1d5d17aa4a8c0638528f0ecfc6de914
- SSDEEP
  
  196608:5p9Yi031kb5RiJQ1W903eV4QRM993iObMAR1jQmGYuuLmAvJ1PaIU:v9Yi82F5W+eGQRe93iObLRS/MLRvJvU
Score

7^/10

credential_access discovery spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoveryspywarestealer