General
-
Target
TwitchFollowBotbyKuroCracks.zip
-
Size
388.3MB
-
Sample
230429-nh736scg3w
-
MD5
8e2f765151645545bd465aecc9970ec9
-
SHA1
b7f297d37f01a7830cf09bb2f5b97011721f0656
-
SHA256
08199dd6a39908c277dfbcdd1db5144e1516bda9108fa22c8567e3ec0dc73574
-
SHA512
e4ef033d94376b52cfe5cf12402b0b77f560b6a6a23b204e808d7dd139cf264c6da38bfa03116bc3b3cde613947697e5f7e8efb7bdbc1be7d5bf979cfd7faa84
-
SSDEEP
12582912:Ih/KCfvybcHQksRWUVgpk5fC1U7VtKIm/fO:0/JvyWQksRLVgpG40DKIAfO
Behavioral task
behavioral1
Sample
TwitchFollowBotbyKuroCracks/Twitch Follow Bot by KuroCracks.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral2
Sample
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/FastExecuteScript.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/RemoteExecuteScript.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral4
Sample
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Scheduler.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Worker/SchedulerGui.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral6
Sample
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Worker/UserInterface.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Worker/Worker.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
-
Target
TwitchFollowBotbyKuroCracks/Twitch Follow Bot by KuroCracks.exe
-
Size
587KB
-
MD5
7da2cd3d77e97f7701f01e9271a1cf10
-
SHA1
945e2a7f1de3a89265483cc94237b2b8d7c782a3
-
SHA256
a6b67e041d0e59b7f144fc4ff634669d377ba1898ecad4b77dc5663a31d8c5f4
-
SHA512
6dd828b9b9af928dc2fe5ae09e5c7200e4091b155d58d9dc06e70d14c1a6e7b5488b2075319906c5b54d4bc072c50a233cd52e4c0967bc52c188e939bc82bba3
-
SSDEEP
6144:QA+h3g9t8tK7/vAhguW/KRlMU7TB1x+Pnhm/3LOvMtUvT0BREFnqFe:Qvm9t8oy7b7THxy6e
Score: 1/10
-
-
Target
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/FastExecuteScript.exe
-
Size
685KB
-
MD5
f287b430c94436cfbf3ee8650e978f53
-
SHA1
dae639a219a61f3d6eb71141fe2d560872d3ff5e
-
SHA256
c79fe93aac664fc5aebf3d578ce70a37cef683948d65f388d8db469d1736b072
-
SHA512
e5617d5fd42ac21b046e2ae370fda2cd92ec6853f6586626daad0f9aa9089e5c84fabe081bf12875c45336d4eb49232b258766fe82849261d732277f6af5b57b
-
SSDEEP
6144:nhc5Ynl/SY59XYTXgBekleVAMYuLq03jxuUNYYNXO3:nhMYdv5OXg
Score: 1/10
-
-
Target
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/RemoteExecuteScript.exe
-
Size
256KB
-
MD5
380808935225adab0da0ff851308c045
-
SHA1
52e31532ddf4ccc51fc9a9721d1f6dfbfcd4829a
-
SHA256
98f085672a8cd1f233a084ae0b61bcb4978ec907d8b647af7cf3ad3eb5cb74e6
-
SHA512
89b7ca02071f228048151ccad993187b848242b6a36c5667b02aec4354f3439545e8577d0dbb28fbe5f798c96959619223762146de42bd23c2f6e1683d4803af
-
SSDEEP
6144:HM61NmWpM4Yazu51A2cyItp1fRCXUWTBegT7wGETjMA/MZJl48N6irYHO8X:VNmkM4YazG19c3CEWTIgT7
Score: 1/10
-
-
Target
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Scheduler.exe
-
Size
448KB
-
MD5
b0e514c55e39bb3039a6e9fbe5bf668b
-
SHA1
7b11d7832c82bb52a065dcab11b13d3dd04c9c21
-
SHA256
27f6fa2b047fe6d04bb0d5650136ee63a352a1c5fd9638062237db87d236bc63
-
SHA512
5ee70b2e9b764a17d442d6a180fad4fbcb5338825c9b56655fc891e933c7b699f12f2b86f39aef491b117fd37a5cf9848087aa9c0e8702809ec989d755710018
-
SSDEEP
6144:tQgAUQ+Hzexzch2llxEESRuAQZ+dUj3PvoyQ74oWWj3yXw4+HjlbOz2LKtfEl:tQgAUQ+HzcEkq8+Dw3w49w
Score: 1/10
-
-
Target
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Worker/SchedulerGui.exe
-
Size
461KB
-
MD5
ccdee9e578fb9eb21a5fcec5d43e8de0
-
SHA1
4a580c2e39fafaf44f12d5a64556be96f65dff39
-
SHA256
7d3995e87417dfeb1c644a20c46805220876adc0f6a4a6c1fa81cfe92ead70a2
-
SHA512
37c44c801a86a52d2a1dd8236bd13f2c213f97741e5496f6ac9649f16fb2e67440ea3af359970e332790adebd724030e98e9387f08b2f691eaae93c6787c6d5c
-
SSDEEP
6144:nLfZUwjyln1IjkyhopbIHa2jijA0D8CNrepZYTTAOT3TwEif7:LfZUwjan1whyELjOrepZYXVDif7
Score: 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Worker/UserInterface.exe
-
Size
764KB
-
MD5
9615be619e53fbc07bbd06d28069580c
-
SHA1
61bd5fd094c36d534b3f19eb76f102ae54b2c04f
-
SHA256
dee80f2b345bf19ff8047c53aa074487f14c3e077e2cdec0bba58fa77e69ba66
-
SHA512
f7a74e7a470c726cc0cdede4f4fd56f294843075918773ce957597a147941bc5d1dc2628ab94df62838cd72d7a92020d3eb4187bf9e01251c2e96bf6d51845da
-
SSDEEP
12288:ghQwEiCN9hf8b2KQqm5jOqJCoFqrH+ZHeEFFOhNeVCHFp7rTLqM6ETR24mi3OrDI:ghQwEiCN9hf8b2KQqm5jOqJCoFqrH+ZO
Score: 7/10
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
-
-
Target
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Worker/Worker.exe
-
Size
4.7MB
-
MD5
1a0f1d179faf5b55262d93566893dc2f
-
SHA1
a8327a663500fa120eb99dbd23231409018362cd
-
SHA256
63b9d139a3d47ff1bff242d03b06b50afe39ec63edcdf876b010e39b671d92eb
-
SHA512
ab414602d06e624462332a7d675a476660a124d7af964811eab11fc5ffbb5edeb7ed0fbbb58275365edc6a86e8ce0eda9ffc40cd25282feaa1b80f74b6d865d9
-
SSDEEP
98304:N6cZ2PD1VcF9zvYQk+jyzvExORFPAyLwW6txNCl:hu1Vc2+jyz8xyLkfNC
Score: 1/10
-
-
Target
TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Worker/chrome/worker.exe
-
Size
1.9MB
-
MD5
cab3a38853334650446f70cdff88f647
-
SHA1
3ec82389402f0c0423c0753217f628d2ea7da445
-
SHA256
bf4069a45216189986296a5cef999ff8872eeeb7ac7ab13a5e84b27511e36841
-
SHA512
fbecc0369d725a24205d70eaf3cdad76ed0ebc009f346900f9c76e8674bfd2c9df3723a18f7d25b6a13aac277895a4f426ddb21c060291c110a4bdd41869b792
-
SSDEEP
24576:n0vN2iVRj8jl/e6udnzF4D+i8gdsVASn+F/mSts6fwMUyudf2XTQ50h6rw+EwhW:0vN2Wh8j2WdOn+FuStKMUyWf2X16kmW
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-