Overview

overview

8

Static

static

URLScan

urlscan

https://github.com/S...

windows7-x64

8

https://github.com/S...

windows10-2004-x64

8

Analysis

  • max time kernel
    73s
  • max time network
    138s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    27-09-2022 13:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/StevenHuerta/furry-lobster/raw/main/download.exe

Score
8/10
pyinstallerupx

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Detects Pyinstaller 4 IoCs
    pyinstaller
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 30 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/StevenHuerta/furry-lobster/raw/main/download.exe
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1128
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1128 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1720
    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4TAQ562\download.exe
      "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4TAQ562\download.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2004
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4TAQ562\download.exe
        "C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4TAQ562\download.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2000

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    61c111813d85b9182699b0d6b2a42f75

    SHA1

    da3e20a4d946d373ba72df4e69e2a6e7f6ee4f3d

    SHA256

    8024d0672379f6f88e2a7f701de3ba74d00d224ba2f7f1133dc1a31f4d661510

    SHA512

    f57528d6975712fa5c66c727aa5adfa9f92f34b189bcec3ffccd8108ae03bf355308ff1803bdd215b01e1923d14623e34364632a413646062e59c2d539d0bfce

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4TAQ562\download.exe
    Filesize

    21.2MB

    MD5

    880f4f29ad4e503769dbc00cac987d47

    SHA1

    e18ff8cf9d7a5d45e7d9e4b9d319aed51087a4b4

    SHA256

    14c4d37227ae4820cbc1b386abd904ca50304b3ffc82f31dac7851b46d5fef2f

    SHA512

    6e64ac17a2eaf1e36b6151ee839045ce83e10ca59e81a156206adbd90e29726e4cb18ec4d0699d6295494af0e780882599f43702141b1445a8329da8db0a041f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4TAQ562\download.exe
    Filesize

    21.2MB

    MD5

    880f4f29ad4e503769dbc00cac987d47

    SHA1

    e18ff8cf9d7a5d45e7d9e4b9d319aed51087a4b4

    SHA256

    14c4d37227ae4820cbc1b386abd904ca50304b3ffc82f31dac7851b46d5fef2f

    SHA512

    6e64ac17a2eaf1e36b6151ee839045ce83e10ca59e81a156206adbd90e29726e4cb18ec4d0699d6295494af0e780882599f43702141b1445a8329da8db0a041f

    Download Submit
  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4TAQ562\download.exe.zxdgoa2.partial
    Filesize

    21.2MB

    MD5

    880f4f29ad4e503769dbc00cac987d47

    SHA1

    e18ff8cf9d7a5d45e7d9e4b9d319aed51087a4b4

    SHA256

    14c4d37227ae4820cbc1b386abd904ca50304b3ffc82f31dac7851b46d5fef2f

    SHA512

    6e64ac17a2eaf1e36b6151ee839045ce83e10ca59e81a156206adbd90e29726e4cb18ec4d0699d6295494af0e780882599f43702141b1445a8329da8db0a041f

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI20042\python310.dll
    Filesize

    1.5MB

    MD5

    fd06363dde36c2a936fa551cac2e9a02

    SHA1

    832464285b0ea7e08f8a82b0beea17c213b89d76

    SHA256

    aa8225957264a0e04d219105fb7313a09ea536978ae23479649a3f81a110e976

    SHA512

    3df9b8a8ebe7d3232cedec043aa31e761470152b1a88c1bb0a4c6f484a96579c05faecbfa2e9d123b68ac905fe1e78fd2df78435172e524c3010aa8ac8438cbc

    Download Submit
  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\K5PMPL6X.txt
    Filesize

    598B

    MD5

    bd1d2b6adde58b9805270fa1c20cad67

    SHA1

    ee2822149a5f04c19bdecd1454276c2da2d91222

    SHA256

    7e397ce970677ee47a123794b5b31eab19120b2730ad65456ddc8ce26404c0f5

    SHA512

    01ac0fa58aa9d87336e7833234be0d9301f9679f947c1e0e0e9f31acb35ca9a799b163aa3aed2e195cbea7e7828b1c665a0763936601adc4ca75413df0b916e4

    Download Submit
  • \Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z4TAQ562\download.exe
    Filesize

    21.2MB

    MD5

    880f4f29ad4e503769dbc00cac987d47

    SHA1

    e18ff8cf9d7a5d45e7d9e4b9d319aed51087a4b4

    SHA256

    14c4d37227ae4820cbc1b386abd904ca50304b3ffc82f31dac7851b46d5fef2f

    SHA512

    6e64ac17a2eaf1e36b6151ee839045ce83e10ca59e81a156206adbd90e29726e4cb18ec4d0699d6295494af0e780882599f43702141b1445a8329da8db0a041f

    Download Submit
  • \Users\Admin\AppData\Local\Temp\_MEI20042\python310.dll
    Filesize

    1.5MB

    MD5

    fd06363dde36c2a936fa551cac2e9a02

    SHA1

    832464285b0ea7e08f8a82b0beea17c213b89d76

    SHA256

    aa8225957264a0e04d219105fb7313a09ea536978ae23479649a3f81a110e976

    SHA512

    3df9b8a8ebe7d3232cedec043aa31e761470152b1a88c1bb0a4c6f484a96579c05faecbfa2e9d123b68ac905fe1e78fd2df78435172e524c3010aa8ac8438cbc

    Download Submit
  • memory/2000-59-0x0000000000000000-mapping.dmp
    Download
  • memory/2000-64-0x000007FEF69B0000-0x000007FEF6E1F000-memory.dmp
    Filesize

    4.4MB

    Download
  • memory/2004-56-0x0000000000000000-mapping.dmp
    Download
  • memory/2004-58-0x000007FEFC211000-0x000007FEFC213000-memory.dmp
    Filesize

    8KB

    Download