General

  • Target

    a22bb6c9f1fe7c242449edf809cc4765783662f961c1231d436deb20dc974c5e

  • Size

    10.3MB

  • Sample

    220524-vgj4aaacb8

  • MD5

    6e91467fe6c5777bae766da27ccc72af

  • SHA1

    82078e1062b79aabf4d7cd0abad006f640fe1f73

  • SHA256

    a22bb6c9f1fe7c242449edf809cc4765783662f961c1231d436deb20dc974c5e

  • SHA512

    bb2dcb7efc4ff1c9d974ca1a94e3733c7a8f7302823614586ede59e1c603a10fde59e00c9925534951359c11010963a0a7e78365b539449fcbf38517519c1b20

Malware Config

Targets

    • Target

      Easy Hax.exe

    • Size

      10.5MB

    • MD5

      1520d865c3e89574d5bda6869d547a74

    • SHA1

      9bc66d0cf8682c376642c8ce7f9d327b4f5ff4be

    • SHA256

      a8d7a30b62889c35ca0a9d2bfbeb02e5c8e71d7d9c64f1b2d30e921ae3a5d261

    • SHA512

      259902d6c9736761eefd234c95817f5ec7f5f959b2f93a2f447086191b6ffdaa9c03d26483f6c278216bced0aa9efde891721e09fd9d9915040bf578394f43df

    Score 7/10

    • Loads dropped DLL

    • Target

      IP_Config.bat

    • Size

      184B

    • MD5

      698cdfec3ca125d6c49b92fa5cdf5ca9

    • SHA1

      8a5536583f86339eaa4fca9715b2fae73e0e619f

    • SHA256

      3cb303cc7d5dd02f42a7e87ebd0914f176441ab2ccd42c1f61496dda3cf28e03

    • SHA512

      9fe5cc26b8616fc86efd5f49761dfd2f7f864a730ec872e2211fd54376e3706f3c00a630fb1b2849a5a3f5f8cd7c546db670cece977b678c29a75d8be9e81ddd

    Score 1/10

    • Target

      IP_Spoofer.bat

    • Size

      282B

    • MD5

      4048b6cf9be730c27e34e530e6462c5a

    • SHA1

      f2a0ad5815e9255e6a98aebebf87525b65c984c8

    • SHA256

      4ac41475c9348c242f6e32f35af952a7a38a08acd37d729741b6ecab3f0c05e7

    • SHA512

      313398ce2bef2619d7a26a6bd0996ab20269d314ec3ced893b9d21bd995e307154b788d45bf14771c400ff83fe8525016072c69fdbcff23280970c0ee9b334de

    Score 1/10

    • Target

      Stabilizer.bat

    • Size

      1KB

    • MD5

      5f04adb090d19b9b123be50c0e2289de

    • SHA1

      6c01f946bf8dc0ffcd35ae050ff83cf74a663471

    • SHA256

      eb0152ab3e3205c58e453618670a15725eaf03337a20acdd4c24921f4f38a775

    • SHA512

      18b98fec45debba76b0a0de818defffdc98b67d440cba24c0482dbd848615d64b20755f6ee59d671de4b3516b1b63034c89a57e0e41a7728cca3e72b64a18814

    Score 8/10

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion
  • Modify Registry (T1112): 2
  • Install Root Certificate (T1130): 1

Credential Access
  • Credentials in Files (T1081): 1

Collection
  • Data from Local System (T1005): 1

Tasks