General

  • Target

    Innovatoz.zip

  • Size

    44.9MB

  • Sample

    230331-yhrfjach67

  • MD5

    4083ed764133f576148e56f1d489a19a

  • SHA1

    00458ebe44db9d2a7fde393de41d7c0103e2146a

  • SHA256

    9475d84b7704e5f856f251c061ed7bd3c858829ff1c80741c1b5c36af5471edc

  • SHA512

    9d656c5122defb3ed526ba74789fceb040c38e9167ad2786f7bf543b4acc2987e0a9037f9731033611511e0546dcc8e423420be74885a9c9f6bd1b4bb0630a5a

  • SSDEEP

    786432:d45AgZnZI0Oms1nNa8NSBwbs+DWPCDVNBWavRDvUE2d4brW+ixv3bPrnwOVnKlM:dmtnZIysNs8Ys1WGVNBWURRO4bS1vrD9

Malware Config

Extracted

  • Family

    stealerium

  • C2

    https://discord.com/api/webhooks/1084268536513441892/Ev0RVleHBkKacsdmMZyVjiHoNcgq9YTQe6V0DWujQJR59Iu-Oy3G8rVC1GGDYUs2x_H9

Targets

    • Target

      Innovatoz/Innovatoz.bat

    • Size

      385B

    • MD5

      54435389c5f490843e04469990581b93

    • SHA1

      f7f2f7c3ca41c9899db892b21565d476f432564d

    • SHA256

      1e6257ddcb9683f0b7f4c1eeaadad18d3d0a7d03852330ee980a9f5ca7abfa66

    • SHA512

      4e97fbea4b1a2a13f9899184548f97ba9615fc456f9f66b11d1fd84ab21969b0b50b415a2c001d2f97419d948b826a6f05a1de67eddbf4e0d425d1533dc1e0ea

    • Score

      10/10

    • Stealerium

      An open-source info stealer written in C#, first seen in May 2022.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      Innovatoz/menu.py

    • Size

      1KB

    • MD5

      baf178d0c3433be892efa44d87a3f74a

    • SHA1

      6f69e189557eb356179da7ef0ef51e929ffb39a0

    • SHA256

      41254654f79e5447796e3da1af5ce37d8d3895b0672d427d0e9133d66dd733ee

    • SHA512

      b9ac393e7924baae2c33ee8371ee720f29be2722b18a9f80776b2780bff654c20a0d1c32b7b2642fa027fd64e949bbdd0b4debf54b948c5c73ccbda64245b04c

    • Score

      3/10

    • Target

      Innovatoz/menu2.py

    • Size

      194B

    • MD5

      29843c0eb23d2985ff5a201de3aa45c9

    • SHA1

      7bd0922bfee51ade260a93310c4ad6b2ed7fa50c

    • SHA256

      baf89706c17b8f63a81d8fb52a1a3b4e9fa2c76715ecff5d70985fac4a2a8964

    • SHA512

      693ea9db688d4375e2bd410f82d1f5ecefe9ca1c44ee030c00fe66b083ac9a1aed47eec550c0f59686b725e304bdfc7ee654f48f52427f3c606405833ce4a505

    • Score

      3/10

    • Target

      Innovatoz/menu3.py

    • Size

      794B

    • MD5

      edca4a48ff54d1256bd7d855820a8b85

    • SHA1

      7865458e4861ba6bfc00a1329487c0c24602650f

    • SHA256

      bda1b41b96bf6af1232491c61e2d9d4497e641c76c75aba0f3cff5879552eafe

    • SHA512

      20ff9f225e8e4b2165d3cb58fd8cf79429bb8d869fb21f3fd8eae0e2d5147f34fa1012cf13e3a4b4556e19652502af813da4d187697b673d6f54c9ec12d06c84

    • Score

      3/10

    • Target

      Innovatoz/ressources/code.exe

    • Size

      18.7MB

    • MD5

      0d3f1aaffe09ccf0b4d15ca851ca6dc7

    • SHA1

      41f59136b197c57bbcb54ea84a70fd61328c0319

    • SHA256

      7a4b1d87e7197783e6db97b841f8c44046ace654b5a2696517cef147bdbac7bd

    • SHA512

      df955f917e363caed0ab6caebf82e7f2776be38b52f145bf8e39fa3d8da7243f9b449fe285c50955cf17a518a4fa45bb88acb188d08518ad291275ada93f4614

    • SSDEEP

      393216:KqPuYXJByot6k/m3pgDOEkSgsYTEaiqeb3r:fPuYXJByo0kKlAYwag3r

    • Score

      7/10

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      Innovatoz/ressources/explain.bat

    • Size

      4KB

    • MD5

      1f9799efbf02fa5ffe0d88e88acb1eab

    • SHA1

      686c7b2d95bccf2b85f7b9df95f6aafb8e232e03

    • SHA256

      b9a5cbf9b4a91aabc8d4499ba4295c2da177282772023ceee7100eda7ce0cf58

    • SHA512

      b536ef429175f8554c538ce6557baf3ac02f8053517bbcbb05d517ebcab04fd0fb20fd43fbbe00fe2550b971ff31c13804393edef8a4cfc2bde09545f8b43369

    • SSDEEP

      96:9yqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqfqqqqqqqqqqqqqqqqqqqqI:Qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqk

    • Score

      3/10

    • Target

      Innovatoz/ressources/properties.exe

    • Size

      17.3MB

    • MD5

      ce24e869f11e4ea6f6eae1cef970dce8

    • SHA1

      fc1c5a2682a7eb8e42059d7d1a32f416c1a780c6

    • SHA256

      bdb0afa0902c1a0f80c3def4a4633d47c227cab70d8fae75186bde648e99b54c

    • SHA512

      53be1778ce0cd55e1410758d0bf189c73b07c0bff3f6d7f1df4ae0a6e7ce866c4638fa470e06805aef8be385ab9bc75000f015d65792d2dc8e07024c58eceaf6

    • SSDEEP

      393216:vZqPuYXgnAu0p9Bh3t6IDOE+gsYTgZRyQU0GD04FwYqi6y:IPuYXgnA9p9Bh30NZYCR9U0GDzFlZ6y

    • Score

      7/10

    • Drops startup file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Target

      Innovatoz/ressources/ressources.exe

    • Size

      8.0MB

    • MD5

      0901c4e0e2e54eaea85c4be98d774da5

    • SHA1

      0cfafa9e05f4f03078867366e27b109ee8f7214c

    • SHA256

      5399d0ff1f155a930fb1923a623105b49b51c32a7be68c1892c06b59a5e460f8

    • SHA512

      ca12ec905d7888326a151f5fc3ca6090864b4a94815763c458d899805b78eed84fff5be93d7831cf2f7683fe3eab4a8afd061e5369f4aa80a497fb4b30167cf0

    • SSDEEP

      196608:68pb7KX/RdKhq6deNWFJMIDJhgsAGKAnjRF99G4ozu0WPR:zYX5kGWFqyhgs19PE4+RM

    • Score

      7/10

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Target

      Innovatoz/ressources/settings.exe

    • Size

      1.5MB

    • MD5

      c261bc5776da8ad95a63bd11e03e6b55

    • SHA1

      7ec9ef39584a80c7a00347bcbee72c905a019275

    • SHA256

      3be0dd7fed8cbb6fc0d5b8fe05cb47d4b6bbbbbcda5a204ba0ddd7aa2b51034a

    • SHA512

      4f2cdc75cd93d6a20e2f5bf9cc1d8854d599e7b06c1950a71887ba94446efb6e6f81fddea40520eb0a61a3a026f8d3b53fbc69990daecaa82e5234a96e5ada19

    • SSDEEP

      24576:g03i2Q9NXw2/wPOjdGxYqfw+Jwz/S/6RZs8nVW6k5JHkARt7DBAqnN:vSTq24GjdGSgw+W7SCRnVQTEQ/BA8

    • Score

      10/10

    • Stealerium

      An open-source info stealer written in C#, first seen in May 2022.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      Innovatoz/runner.bat

    • Size

      676B

    • MD5

      fec0f49ab0b0cab8f2eaa6cf3560a52f

    • SHA1

      dc8e8319d64b4d5a1b2e793b0bd7a068c43ea026

    • SHA256

      ff7860a99ebb958e9773b06e7a390bcc9159edcb417e695667b9584407ee6c2b

    • SHA512

      7328b8777b650e83246e6537e6190ee0e33800e054ffbbd19d4bf06883e734f97a8143afc4d15938bfe298d1784247c37bbe71da3aea371bea4883ccefd26b9b

    • Score

      10/10

    • Stealerium

      An open-source info stealer written in C#, first seen in May 2022.

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified variant of it.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic               Technique                      Count  ID
  Defense Evasion      Modify Registry                4      T1112
  Defense Evasion      Install Root Certificate       1      T1130
  Credential Access    Credentials in Files           2      T1081
  Discovery            System Information Discovery   7      T1082
  Discovery            Query Registry                 3      T1012
  Discovery            Peripheral Device Discovery    1      T1120
  Discovery            Process Discovery              2      T1057
  Collection           Data from Local System         2      T1005
  Command and Control  Web Service                    4      T1102