General

  • Target

    TwitchFollowBotbyKuroCracks.zip

  • Size

    388.3MB

  • Sample

    230429-nh736scg3w

  • Score

    10/10

Targets

    • Target

      TwitchFollowBotbyKuroCracks/Twitch Follow Bot by KuroCracks.exe

    • Size

      587KB

    • Score

      1/10

    • Target

      TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/FastExecuteScript.exe

    • Size

      685KB

    • Score

      1/10

    • Target

      TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/RemoteExecuteScript.exe

    • Size

      256KB

    • Score

      1/10

    • Target

      TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Scheduler.exe

    • Size

      448KB

    • Score

      1/10

    • Target

      TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Worker/SchedulerGui.exe

    • Size

      461KB

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Target

      TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Worker/UserInterface.exe

    • Size

      764KB

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Target

      TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Worker/Worker.exe

    • Size

      4.7MB

    • Score

      1/10

    • Target

      TwitchFollowBotbyKuroCracks/appslocal/e3b0c442/SID8dd4cb65/engine/Worker/chrome/worker.exe

    • Size

      1.9MB

    • Score

      7/10

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
