5986174e705ba0414238db717ee5d5764b8f21d70ec55bf344471668aa2e26aa | Triage

Sharing

General

Target

5986174e705ba0414238db717ee5d5764b8f21d70ec55bf344471668aa2e26aa.exe
Size

53.2MB
Sample

241129-mfczksvpar
MD5

f874e846b3925066608d9101dd85ba05
SHA1

ed8c78e93b3652ffa125875d6c2243b741caa6c9
SHA256

5986174e705ba0414238db717ee5d5764b8f21d70ec55bf344471668aa2e26aa
SHA512

cbff7fc86268cb3f2e21b78f741e48300886fe945d6e17cfde7f777ddb311bd94c93c05da58db17b3de55cec25c32c63c2d689b0e08e224bdcdded3f63568962
SSDEEP

393216:9eWoIqVqixdQJlaF3MnG3xlpuM9Cr/sWy:daHxdQM3MGxukLW

Score

8^/10

collection credential_access discovery execution persistence privilege_escalation pyinstaller spyware stealer

Malware Config

Targets

- Target
  
  5986174e705ba0414238db717ee5d5764b8f21d70ec55bf344471668aa2e26aa.exe
- Size
  
  53.2MB
- MD5
  
  f874e846b3925066608d9101dd85ba05
- SHA1
  
  ed8c78e93b3652ffa125875d6c2243b741caa6c9
- SHA256
  
  5986174e705ba0414238db717ee5d5764b8f21d70ec55bf344471668aa2e26aa
- SHA512
  
  cbff7fc86268cb3f2e21b78f741e48300886fe945d6e17cfde7f777ddb311bd94c93c05da58db17b3de55cec25c32c63c2d689b0e08e224bdcdded3f63568962
- SSDEEP
  
  393216:9eWoIqVqixdQJlaF3MnG3xlpuM9Cr/sWy:daHxdQM3MGxukLW
Score

8^/10

collection credential_access discovery execution persistence privilege_escalation spyware stealer
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Clipboard Data
  Adversaries may collect data stored in the clipboard from users copying information within or between applications.
  collection
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Enumerates processes with tasklist
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Event Triggered Execution

Netsh Helper DLL

Privilege Escalation

Event Triggered Execution

Netsh Helper DLL

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Process Discovery

System Information Discovery

System Network Configuration Discovery

Wi-Fi Discovery

Lateral Movement

Collection

Clipboard Data

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

collectioncredential_accessdiscoveryexecutionpersistenceprivilege_escalationspywarestealer