71e7bbd92d365ce21e8eb3117032a58b5c4d4b7c88f77619fc03e8c8231e8fd7 | Triage

Submit
Reports

Overview

overview

7

Static

static

3

HarmWare.exe

windows7-x64

7

HarmWare.exe

windows10-2004-x64

7

Resubmissions

30-06-2024 19:45

240630-ygkxcstdkg 7

Sharing

General

Target

HarmWare.rar
Size

13.5MB
Sample

240630-ygkxcstdkg
MD5

907516f4ad5a6b86677146fad676db9a
SHA1

424f1e50aaf16e838699ae1b03652a03bcbe74c5
SHA256

71e7bbd92d365ce21e8eb3117032a58b5c4d4b7c88f77619fc03e8c8231e8fd7
SHA512

74a0caa4ba6d669e264ee965643ca8d6a03e8b5577a4ab89b35aeef66f9647429e0bdaca85c1e107386a63b6f5f34c898104b5fc75908d987e20ece24a1f0403
SSDEEP

393216:EncG+ERUHiFwKsJge3D58stxKb+2qmCjx4OmD+kf32q6XK:g3/MAsr8ox6+kgfkvH66

Score

7^/10

pyinstaller spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

HarmWare.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

600 seconds

Behavioral task

behavioral2

Sample

HarmWare.exe

Resource

win10v2004-20240611-en

spyware stealer

windows10-2004-x64

7 signatures

600 seconds

Malware Config

Targets

- Target
  
  HarmWare.exe
- Size
  
  13.8MB
- MD5
  
  22c9248245edf49a0eed0bc7ec21f4cd
- SHA1
  
  ddc6fd9acf9d4733241fd4548fc642863f7c05c6
- SHA256
  
  94105e6a1977eb38f8062e153a83bab9cb530abf402f9f0855f0089bb7584507
- SHA512
  
  37488bacef43748fce3be83f52ab79dc821ed4006979d9aa5b47a57582de7ea9e9afcbd4f92e06116fad0ff746b22c555b1776267a4bab4356e0795c85c16327
- SSDEEP
  
  393216:Cu7L/SIzY3xdQuslSl9DoWOv+9MMkq/z1:CCL68EdQu9xorvSMFq/z
Score

7^/10

spyware stealer
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy