Overview

Task                        Resource              Score
Overview                    overview              10
Static                      static                10
Innovatoz/...oz.bat         windows7-x64          10
Innovatoz/...oz.bat         windows10-2004-x64    1
Innovatoz/menu.py           windows7-x64          3
Innovatoz/menu.py           windows10-2004-x64    3
Innovatoz/menu2.py          windows7-x64          3
Innovatoz/menu2.py          windows10-2004-x64    3
Innovatoz/menu3.py          windows7-x64          3
Innovatoz/menu3.py          windows10-2004-x64    3
Innovatoz/...de.exe         windows7-x64          7
Innovatoz/...de.exe         windows10-2004-x64    7
Innovatoz/...in.bat         windows7-x64          1
Innovatoz/...in.bat         windows10-2004-x64    3
Innovatoz/...es.exe         windows7-x64          7
Innovatoz/...es.exe         windows10-2004-x64    7
Innovatoz/...es.exe         windows7-x64          7
Innovatoz/...es.exe         windows10-2004-x64    7
Innovatoz/...gs.exe         windows7-x64          10
Innovatoz/...gs.exe         windows10-2004-x64    10
Innovatoz/runner.bat        windows7-x64          10
Innovatoz/runner.bat        windows10-2004-x64    10

General
Target: Innovatoz.zip
Size: 44.9MB
Sample: 230331-yhrfjach67
MD5: 4083ed764133f576148e56f1d489a19a
SHA1: 00458ebe44db9d2a7fde393de41d7c0103e2146a
SHA256: 9475d84b7704e5f856f251c061ed7bd3c858829ff1c80741c1b5c36af5471edc
SHA512: 9d656c5122defb3ed526ba74789fceb040c38e9167ad2786f7bf543b4acc2987e0a9037f9731033611511e0546dcc8e423420be74885a9c9f6bd1b4bb0630a5a
SSDEEP: 786432:d45AgZnZI0Oms1nNa8NSBwbs+DWPCDVNBWavRDvUE2d4brW+ixv3bPrnwOVnKlM:dmtnZIysNs8Ys1WGVNBWURRO4bS1vrD9
Behavioral tasks

Task            Sample                                 Resource
behavioral1     Innovatoz/Innovatoz.bat                win7-20230220-en
behavioral2     Innovatoz/Innovatoz.bat                win10v2004-20230220-en
behavioral3     Innovatoz/menu.py                      win7-20230220-en
behavioral4     Innovatoz/menu.py                      win10v2004-20230220-en
behavioral5     Innovatoz/menu2.py                     win7-20230220-en
behavioral6     Innovatoz/menu2.py                     win10v2004-20230220-en
behavioral7     Innovatoz/menu3.py                     win7-20230220-en
behavioral8     Innovatoz/menu3.py                     win10v2004-20230220-en
behavioral9     Innovatoz/ressources/code.exe          win7-20230220-en
behavioral10    Innovatoz/ressources/code.exe          win10v2004-20230220-en
behavioral11    Innovatoz/ressources/explain.bat       win7-20230220-en
behavioral12    Innovatoz/ressources/explain.bat       win10v2004-20230220-en
behavioral13    Innovatoz/ressources/properties.exe    win7-20230220-en
behavioral14    Innovatoz/ressources/properties.exe    win10v2004-20230220-en
behavioral15    Innovatoz/ressources/ressources.exe    win7-20230220-en
behavioral16    Innovatoz/ressources/ressources.exe    win10v2004-20230220-en
behavioral17    Innovatoz/ressources/settings.exe      win7-20230220-en
behavioral18    Innovatoz/ressources/settings.exe      win10v2004-20230220-en
behavioral19    Innovatoz/runner.bat                   win7-20230220-en
behavioral20    Innovatoz/runner.bat                   win10v2004-20230220-en
Malware Config

Extracted family: stealerium
Extracted C2 (webhook): https://discord.com/api/webhooks/1084268536513441892/Ev0RVleHBkKacsdmMZyVjiHoNcgq9YTQe6V0DWujQJR59Iu-Oy3G8rVC1GGDYUs2x_H9
Targets

Target: Innovatoz/Innovatoz.bat
Size: 385B
MD5: 54435389c5f490843e04469990581b93
SHA1: f7f2f7c3ca41c9899db892b21565d476f432564d
SHA256: 1e6257ddcb9683f0b7f4c1eeaadad18d3d0a7d03852330ee980a9f5ca7abfa66
SHA512: 4e97fbea4b1a2a13f9899184548f97ba9615fc456f9f66b11d1fd84ab21969b0b50b415a2c001d2f97419d948b826a6f05a1de67eddbf4e0d425d1533dc1e0ea
Score: 10/10
Signatures:
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Target: Innovatoz/menu.py
Size: 1KB
MD5: baf178d0c3433be892efa44d87a3f74a
SHA1: 6f69e189557eb356179da7ef0ef51e929ffb39a0
SHA256: 41254654f79e5447796e3da1af5ce37d8d3895b0672d427d0e9133d66dd733ee
SHA512: b9ac393e7924baae2c33ee8371ee720f29be2722b18a9f80776b2780bff654c20a0d1c32b7b2642fa027fd64e949bbdd0b4debf54b948c5c73ccbda64245b04c
Score: 3/10
Target: Innovatoz/menu2.py
Size: 194B
MD5: 29843c0eb23d2985ff5a201de3aa45c9
SHA1: 7bd0922bfee51ade260a93310c4ad6b2ed7fa50c
SHA256: baf89706c17b8f63a81d8fb52a1a3b4e9fa2c76715ecff5d70985fac4a2a8964
SHA512: 693ea9db688d4375e2bd410f82d1f5ecefe9ca1c44ee030c00fe66b083ac9a1aed47eec550c0f59686b725e304bdfc7ee654f48f52427f3c606405833ce4a505
Score: 3/10
Target: Innovatoz/menu3.py
Size: 794B
MD5: edca4a48ff54d1256bd7d855820a8b85
SHA1: 7865458e4861ba6bfc00a1329487c0c24602650f
SHA256: bda1b41b96bf6af1232491c61e2d9d4497e641c76c75aba0f3cff5879552eafe
SHA512: 20ff9f225e8e4b2165d3cb58fd8cf79429bb8d869fb21f3fd8eae0e2d5147f34fa1012cf13e3a4b4556e19652502af813da4d187697b673d6f54c9ec12d06c84
Score: 3/10
Target: Innovatoz/ressources/code.exe
Size: 18.7MB
MD5: 0d3f1aaffe09ccf0b4d15ca851ca6dc7
SHA1: 41f59136b197c57bbcb54ea84a70fd61328c0319
SHA256: 7a4b1d87e7197783e6db97b841f8c44046ace654b5a2696517cef147bdbac7bd
SHA512: df955f917e363caed0ab6caebf82e7f2776be38b52f145bf8e39fa3d8da7243f9b449fe285c50955cf17a518a4fa45bb88acb188d08518ad291275ada93f4614
SSDEEP: 393216:KqPuYXJByot6k/m3pgDOEkSgsYTEaiqeb3r:fPuYXJByo0kKlAYwag3r
Score: 7/10
Signatures:
- Loads dropped DLL
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Target: Innovatoz/ressources/explain.bat
Size: 4KB
MD5: 1f9799efbf02fa5ffe0d88e88acb1eab
SHA1: 686c7b2d95bccf2b85f7b9df95f6aafb8e232e03
SHA256: b9a5cbf9b4a91aabc8d4499ba4295c2da177282772023ceee7100eda7ce0cf58
SHA512: b536ef429175f8554c538ce6557baf3ac02f8053517bbcbb05d517ebcab04fd0fb20fd43fbbe00fe2550b971ff31c13804393edef8a4cfc2bde09545f8b43369
SSDEEP: 96:9yqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqfqqqqqqqqqqqqqqqqqqqqI:Qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk
Score: 3/10
Target: Innovatoz/ressources/properties.exe
Size: 17.3MB
MD5: ce24e869f11e4ea6f6eae1cef970dce8
SHA1: fc1c5a2682a7eb8e42059d7d1a32f416c1a780c6
SHA256: bdb0afa0902c1a0f80c3def4a4633d47c227cab70d8fae75186bde648e99b54c
SHA512: 53be1778ce0cd55e1410758d0bf189c73b07c0bff3f6d7f1df4ae0a6e7ce866c4638fa470e06805aef8be385ab9bc75000f015d65792d2dc8e07024c58eceaf6
SSDEEP: 393216:vZqPuYXgnAu0p9Bh3t6IDOE+gsYTgZRyQU0GD04FwYqi6y:IPuYXgnA9p9Bh30NZYCR9U0GDzFlZ6y
Signatures:
- Drops startup file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
Target: Innovatoz/ressources/ressources.exe
Size: 8.0MB
MD5: 0901c4e0e2e54eaea85c4be98d774da5
SHA1: 0cfafa9e05f4f03078867366e27b109ee8f7214c
SHA256: 5399d0ff1f155a930fb1923a623105b49b51c32a7be68c1892c06b59a5e460f8
SHA512: ca12ec905d7888326a151f5fc3ca6090864b4a94815763c458d899805b78eed84fff5be93d7831cf2f7683fe3eab4a8afd061e5369f4aa80a497fb4b30167cf0
SSDEEP: 196608:68pb7KX/RdKhq6deNWFJMIDJhgsAGKAnjRF99G4ozu0WPR:zYX5kGWFqyhgs19PE4+RM
Score: 7/10
Signatures:
- Loads dropped DLL
Target: Innovatoz/ressources/settings.exe
Size: 1.5MB
MD5: c261bc5776da8ad95a63bd11e03e6b55
SHA1: 7ec9ef39584a80c7a00347bcbee72c905a019275
SHA256: 3be0dd7fed8cbb6fc0d5b8fe05cb47d4b6bbbbbcda5a204ba0ddd7aa2b51034a
SHA512: 4f2cdc75cd93d6a20e2f5bf9cc1d8854d599e7b06c1950a71887ba94446efb6e6f81fddea40520eb0a61a3a026f8d3b53fbc69990daecaa82e5234a96e5ada19
SSDEEP: 24576:g03i2Q9NXw2/wPOjdGxYqfw+Jwz/S/6RZs8nVW6k5JHkARt7DBAqnN:vSTq24GjdGSgw+W7SCRnVQTEQ/BA8
Score: 10/10
Signatures:
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Target: Innovatoz/runner.bat
Size: 676B
MD5: fec0f49ab0b0cab8f2eaa6cf3560a52f
SHA1: dc8e8319d64b4d5a1b2e793b0bd7a068c43ea026
SHA256: ff7860a99ebb958e9773b06e7a390bcc9159edcb417e695667b9584407ee6c2b
SHA512: 7328b8777b650e83246e6537e6190ee0e33800e054ffbbd19d4bf06883e734f97a8143afc4d15938bfe298d1784247c37bbe71da3aea371bea4883ccefd26b9b
Score: 10/10
Signatures:
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.