e26b8740c67a5f8c4d5c90d6ad8edd77434ec0a550b3ec135c1dfc8592ffc0b7 | Triage

Resubmissions

19/11/2024, 12:27

241119-pm2bvs1kcp 8

19/11/2024, 12:23

241119-pkfmdawgql 8

Sharing

General

Target

kbsn1.zip
Size

10.2MB
Sample

241119-pkfmdawgql
MD5

9b837a6e55d7e15b94c76fdfc61e3c9c
SHA1

a72b993a441aa56d1cfbeb078b205024e7df9f54
SHA256

e26b8740c67a5f8c4d5c90d6ad8edd77434ec0a550b3ec135c1dfc8592ffc0b7
SHA512

d41db09e4377163227737a09a15f9a6457c49235eeb118de9723bde03a0ed98aa183eb7c191b51a370a630acf842e8f579ab9056a2a5e85fbd2e5fa0a0ed0dc2
SSDEEP

196608:O8VxHg4xrzJFWus5sn/SYUzNlnLcsAZem22MaJ9xiXRHGHPiwMUGmV8WbOFRG:DpPPWus5oSZSsAtbx+RmviwBZ6G

Score

8^/10

credential_access pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  a.exe
- Size
  
  10.4MB
- MD5
  
  4068d253d67af2a5d88ea72b4b3752e1
- SHA1
  
  f9606e4024f8c5548cde636339940cdb9e5af32f
- SHA256
  
  4d7d69fafc07bac85bbbf2ba9b557dfb59e5c8494e9f35d8a035663bcf8ba825
- SHA512
  
  9ef86394b6312bde08cfb8d2dd9a14a4cf7620cd3552afaf5811bcbd86c5f76eaced013d4a0211d5d36753698b6bc741b03f38e85a2d1ff5c9d86b9d1020de51
- SSDEEP
  
  196608:hW9Yi0xzYKjXMCHGLLc54i1wN+rPIcu9KYK39sRvBaM3PP0OlMe+OdNc/iLJ:49Yi2fXMCHWUjMcuIWvR/P0OlXia
Score

8^/10

credential_access spyware stealer
- Uses browser remote debugging
  Can be used control the browser and steal sensitive information such as credentials and session cookies.
  credential_access stealer
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

Privilege Escalation

Defense Evasion

Modify Authentication Process

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Modify Authentication Process

Steal Web Session Cookie

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

credential_accessspywarestealer