cb1fa16f15aaef090a93ee7924607781bca317857aee6ef9e0a1fe34e3b38b5f

Sharing

Copy URL

Twitter E-mail

General

Target

Turtlee.games.rar
Size

6.3MB
Sample

210627-gnn4vk9sne
MD5

23a202d1ab0371f1203329c263ecf2c6
SHA1

4eb1b897bbc4b67d70926283be1547efb6e7e5e6
SHA256

cb1fa16f15aaef090a93ee7924607781bca317857aee6ef9e0a1fe34e3b38b5f
SHA512

5fc42d545331affadca7b82d551946e89aa6dca9d341ff8bb502dc3a3d2860aa73e4fa5628a825c093e570757c7db455fc9795a34753eee3631baa41f174cd3e

Score

7^/10

Malware Config

Targets

- Target
  
  Turtlee.games/Turtlee.games.exe
- Size
  
  2.0MB
- MD5
  
  9c05c0081959c49e9a4f117f95aaf326
- SHA1
  
  1872b4c0f35c439a54d99b36fc476acb2e0b1e87
- SHA256
  
  b5d8aefa3a39ccbff01ce2e1ca76706a9b11415807e531f8f903f35e20622b65
- SHA512
  
  eb21a451484252b2de78614a0eaf70db23ff6c7e0b813ffdd1c331c58accdd188043fc7ce6d3fac0a574c6f40674c6b336bfb09f80a49832a834865dba8273d3
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2
- Target
  
  Turtlee.games/Turtlee.games.exe.manifest
- Size
  
  1KB
- MD5
  
  463de6f0f24965acc91253f73d85a4a7
- SHA1
  
  07641d704233f28ecc628f8315da01821e70fd2f
- SHA256
  
  29537254e37ffecd6ac573ee6475966ca0d40ebb090ce5390703e7cad585b14b
- SHA512
  
  6c558143e3d969b1fb09cc4dcd18e4c6f13a4e275bdfd0ef8b79b89f2cfbba44a6e828ec29d8d8fedaadd0acb3f98e6daafc03123ce1459188195d60572e09d6
Score

1^/10
behavioral3 behavioral4
- Target
  
  Turtlee.games/VCRUNTIME140.dll
- Size
  
  91KB
- MD5
  
  7942be5474a095f673582997ae3054f1
- SHA1
  
  e982f6ebc74d31153ba9738741a7eec03a9fa5e8
- SHA256
  
  8ee6b49830436ff3bec9ba89213395427b5535813930489f118721fd3d2d942c
- SHA512
  
  49fbc9d441362b65a8d78b73d4fdcf988f22d38a35a36a233fcd54e99e95e29b804be7eabe2b174188c7860ebb34f701e13ed216f954886a285bed7127619039
Score

3^/10
behavioral5 behavioral6
- Target
  
  Turtlee.games/_asyncio.pyd
- Size
  
  63KB
- MD5
  
  3a5fbfdc3091114488bc30cc1873365b
- SHA1
  
  a4da519a41ce499430f5fea6f731f59b41e8031d
- SHA256
  
  a055e2b17cba4199b48db6848e44543399870958f49b1afce10534c46298ef2a
- SHA512
  
  00e08a09f7124e3e300a834796cc106ce07f8801749dc2ce451d5397ed822c2b3c602c20344b44c608c4fc0048cac6897748daab91d80a1be877a9c44e531dc1
Score

3^/10
behavioral7 behavioral8
- Target
  
  Turtlee.games/_bz2.pyd
- Size
  
  84KB
- MD5
  
  5a8b3602b3560868bd819b10c6343874
- SHA1
  
  73a5ce4d07479894f24b776eb387abd33deb83a9
- SHA256
  
  00d2f34aee55b473bcc11838469b94a62d01fdf4465e19f7d7388c79132f019e
- SHA512
  
  2f2f8305fd8853c479b5d2a442110efc3ad41a3c482cd554ebcc405fcf097e230f5cd45dbfb44050b5bd6fae662ce7cac0583c9784050f0c7d09a678768587db
Score

3^/10
behavioral9 behavioral10
- Target
  
  Turtlee.games/_ctypes.pyd
- Size
  
  124KB
- MD5
  
  e1ef9f5c77b01c82cf72522ec96b2a11
- SHA1
  
  e83daa56a104f6ea6235822c644b6554c3958cfe
- SHA256
  
  a79cf8259890d5843cf8eaf29db8dbd4bfabed50f4d859756f93ac2b30617023
- SHA512
  
  4231ec5b06effae6497bf62853b79420529cabaee6b58f519c3c30bdd42c925e85979c29c2db0747dcff3f99f3b19dc02ece96347e08cf49eb0abb1e19238c01
Score

3^/10
behavioral11 behavioral12
- Target
  
  Turtlee.games/_decimal.pyd
- Size
  
  264KB
- MD5
  
  77510dba8f87d26741d0a2501d61ad48
- SHA1
  
  fff70ddcbb5ddf34419a4196a341bfff52d2d3ee
- SHA256
  
  6c5ba4ad0c7b89b83e2a0a2c6cc4927992aa0adc449eea6aacaaff2b55f544f6
- SHA512
  
  9b84491bfbb5523b9c73580a8e434ad87a0ccc540fe9d522ee97324c9c20a68d1f45adc712dadd2d3966c4d613ad40b8000a2de4b44a7268020e461d21abf284
Score

3^/10
behavioral13 behavioral14
- Target
  
  Turtlee.games/_hashlib.pyd
- Size
  
  64KB
- MD5
  
  8f7edaff246c46dbf09ab5554b918b37
- SHA1
  
  c14c33b14419f5d24fb36e5f1bf1760a9c63228b
- SHA256
  
  9154b36c178d84a901edad689a53148451ef3c851a91447a0654f528a620d944
- SHA512
  
  1947a1010fa1b07671aa471d5821792dee7f2b0cd1937d3f944cd0201a299e6cb37a41debbbd1bc6e774186f6d08ad6264055cba7652b0d5bd22691431cb360e
Score

3^/10
behavioral15 behavioral16
- Target
  
  Turtlee.games/_lzma.pyd
- Size
  
  159KB
- MD5
  
  caa58290ab4414e2e22cc0b6ff4b2d29
- SHA1
  
  840902aaf7db40da17018776e5c842014c3a81ac
- SHA256
  
  185d407bcca7399c458133f2ce1efa938352b8093b2de040c91c3c3088ab173f
- SHA512
  
  a82e380ab1676424e52a36c08eabd572375dd36a7fe2b9df51d48c368aed6c04b0b3674bc6a9787efedd0ed70bb1869ed1a2f3a1f4238485710092b9cbadd00e
Score

3^/10
behavioral17 behavioral18
- Target
  
  Turtlee.games/_multiprocessing.pyd
- Size
  
  29KB
- MD5
  
  bc608ce15ef2a69c79ff9ffd5f5f074a
- SHA1
  
  3034bf16a074bfc35764749165c7a7853ba595b9
- SHA256
  
  25857b22fbb275fc2524dfc468731912f93bb52a744fd20410eb29ec6986fc8e
- SHA512
  
  397049a1c223b093a96d0490e1ce2e542f85cc878c1753454671b782873c61653162f5be4689072647cc7d9779baefa91e315049982924cd6f1799d77b8dffa5
Score

3^/10
behavioral19 behavioral20
- Target
  
  Turtlee.games/_overlapped.pyd
- Size
  
  45KB
- MD5
  
  60af9df3c5d25c193d73a566e763b0b8
- SHA1
  
  a87c3285ff6f59528611f42577d30dbf35827b45
- SHA256
  
  c63632bf1b28f7f1007ff093a9ef3d034cb9480fc373c29e06a407b223b6ddff
- SHA512
  
  57c33929ec284013e88696ab7c099d570d0211d99f8e2027f1d8db9ae66810ccba6992959a2d543929f59bfc67cc4d1cc9264046e02df9cd119c3b1d2ec41a20
Score

3^/10
behavioral21 behavioral22
- Target
  
  Turtlee.games/_queue.pyd
- Size
  
  28KB
- MD5
  
  671a9ac9b34f07ada65bf1635e4626c5
- SHA1
  
  d4a6e478caaacdbdb52f57d12e16ba96671d30f2
- SHA256
  
  3f1fc09b3f0a5c8c7aff4223d002952ab26f462aa390940a9f00454815204739
- SHA512
  
  92617258ef747f93ab2c378f5c9a2aac14668d834df15939c1ef83a555490b9ee3380d7341bee60c33057482736a595593749b8794ddeaa9649339363095108c
Score

3^/10
behavioral23 behavioral24
- Target
  
  Turtlee.games/_ssl.pyd
- Size
  
  150KB
- MD5
  
  39919e97dc418e0099b2a0bb332a8c77
- SHA1
  
  f04c9d78b3d5e2a95ea3535c363d8b05d666d39e
- SHA256
  
  b38b09bf0421b1f49338ded8021d7bc56be19902d9b21a9b6e9c8df448f93eb2
- SHA512
  
  f179ebe84ae065ed63e71f2855b2b69cdedfc8be70dace0eb07c8b191768eace1312562e27e77492481f214f85d31f35c88c2b1f7a3881cee9dffffa7ffc668a
Score

1^/10
behavioral25 behavioral26
- Target
  
  encodings/cp1255.pyc
- Size
  
  2KB
- MD5
  
  fce0d534a2c804374741e7e898ac8c8c
- SHA1
  
  a99c77a7a23eefcf6c110913d6ecd95cf123d61e
- SHA256
  
  9565822bb313969c633b1a4aeab54329aa14fcca63ebfe35c9221e368196d0eb
- SHA512
  
  3fbfa22ef68fcd267b656ead060039b5239e672dcdf1ed9f92e08c46328b28dfcdef14426fe49e7346aef54d3244650c67982eac4dffc1cd77156a68ef67aba6
Score

3^/10
behavioral27 behavioral28
- Target
  
  encodings/cp1256.pyc
- Size
  
  2KB
- MD5
  
  7abf6cc5920b3f43a4cdbffe17fd4cd8
- SHA1
  
  f338f85d50a5fb7126fc15c5552fe1966e48c24a
- SHA256
  
  e541416b8d0bd827bac6fe214d75af1ff0f2e10bd2b01837f723fe36ed3652d6
- SHA512
  
  e5f9ea0ad456e7798e3270ad546ce01cf034495dbdaf8828b359973cbc12962d1e543472f7541d571294f7489b4acccaaecb5383163a1898d58a3ab9df2b4e57
Score

3^/10
behavioral29 behavioral30
- Target
  
  encodings/cp1257.pyc
- Size
  
  2KB
- MD5
  
  b601f8d41cfe2aaa0751cb0e74ec80f9
- SHA1
  
  b7650fa7e33a92f560fa64651fa925e21bf807df
- SHA256
  
  e788672ae4b9a6a5fc227a2ffc5364605662c413b5afb8f9f294ed90ac7db36c
- SHA512
  
  5f155a36c7e1bc10e9903d8be752935440b642d6fed8d0d23b13ffa4cd10b454df77b2c8640cae92ada4c97bb14a970464856d8cf12e39a190cb83f282e3e6e1
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Web Service

T1102

Impact

Tasks

Sharing

General

Malware Config

Targets

Reads user/profile data of web browsers

Legitimate hosting services abused for malware hosting/C2

Looks up external IP address via web service

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32