Overview

overview

7

Static

static

3

klux [BETA].exe

windows7-x64

7

klux [BETA].exe

windows10-2004-x64

7

cstealer.pyc

windows7-x64

3

cstealer.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    klux [BETA].exe

  • Size

    9.0MB

  • Sample

    240630-yweznaxdnj

  • MD5

    e2b784eadf51d9952cefc49fba3bb235

  • SHA1

    19559ff7cf732619d021743d53171114ea10db1d

  • SHA256

    bcd1cb815a9960f88dd5571fdf28126f05bef4c5a8dc26ddac4a2f39556968e7

  • SHA512

    7b2f7f8238416800de4a2d96254eaf26f91315bf83728aa54b3e71a53a1d5dfdd4b4ce56cacd2ed498914d18e153c436f7e9b89d3bed1b09a277046a3e6c7578

  • SSDEEP

    196608:ktu78K/1+jnXdQmRJ8dA6l7aycBIGpEGo6hTOv+QKeSE06j2Aj+:yu7L/8dQusl29foWOv+9rz02A

Score
7/10
pyinstallerspywarestealer

Malware Config

Targets

    • Target

      klux [BETA].exe

    • Size

      9.0MB

    • MD5

      e2b784eadf51d9952cefc49fba3bb235

    • SHA1

      19559ff7cf732619d021743d53171114ea10db1d

    • SHA256

      bcd1cb815a9960f88dd5571fdf28126f05bef4c5a8dc26ddac4a2f39556968e7

    • SHA512

      7b2f7f8238416800de4a2d96254eaf26f91315bf83728aa54b3e71a53a1d5dfdd4b4ce56cacd2ed498914d18e153c436f7e9b89d3bed1b09a277046a3e6c7578

    • SSDEEP

      196608:ktu78K/1+jnXdQmRJ8dA6l7aycBIGpEGo6hTOv+QKeSE06j2Aj+:yu7L/8dQusl29foWOv+9rz02A

    Score
    7/10
    spywarestealer

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

    • Target

      cstealer.pyc

    • Size

      39KB

    • MD5

      bbb61d55d0cbadd6b90e90b8660c7ba5

    • SHA1

      9ad527366f65f5764b3e730ecaebebbf787d0716

    • SHA256

      edd29cdb80faedc9f730c70d4c3380a21fa5492281734405db7cb8c140044956

    • SHA512

      9e558b29aa850b560c5713fb3dfe32657f3dab11544013f8f38701c5e5525dcd3ae589a99c71446dd54bd8767d9d6c266dcf14c679c435ecb221dd94b8f6290b

    • SSDEEP

      768:fuFYat61k17WnMAF+5JsylM3jp7UBHcxoZUM4PqVfqrY9Wygqxie1HrKl4HYi7ey:epQkW+JsyC3FpOUM6qVirY9WygWiCu1S

    Score
    3/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks