ba466be347afc4dc0db4065ba3264bb339cb79b6c9b175abea08f6983356cfb0 | Triage

Sharing

General

Target

parazetamol_v6.exe
Size

14.0MB
Sample

241123-j8bens1qaz
MD5

07c41312edcddec325ff40dfc6e30e22
SHA1

9c435d7f194810e6f67fd93910e316cac0c9babb
SHA256

ba466be347afc4dc0db4065ba3264bb339cb79b6c9b175abea08f6983356cfb0
SHA512

edbf2b78aed0726234b190bb2608cafb3d08e304d5d6feda64f18f75c9b9f2c5d591fdd145797f61599300a7ff78b412bc68f88b64ca01563205fd154590005a
SSDEEP

393216:QEkzjCi/VE72XMCHWUjojx5WsqWxTM8VTbUj1j++Ose:QLjCiNE72XMb8fsqAkj1j

Score

7^/10

credential_access discovery pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  parazetamol_v6.exe
- Size
  
  14.0MB
- MD5
  
  07c41312edcddec325ff40dfc6e30e22
- SHA1
  
  9c435d7f194810e6f67fd93910e316cac0c9babb
- SHA256
  
  ba466be347afc4dc0db4065ba3264bb339cb79b6c9b175abea08f6983356cfb0
- SHA512
  
  edbf2b78aed0726234b190bb2608cafb3d08e304d5d6feda64f18f75c9b9f2c5d591fdd145797f61599300a7ff78b412bc68f88b64ca01563205fd154590005a
- SSDEEP
  
  393216:QEkzjCi/VE72XMCHWUjojx5WsqWxTM8VTbUj1j++Ose:QLjCiNE72XMb8fsqAkj1j
Score

7^/10

credential_access discovery spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

credential_accessdiscoveryspywarestealer