65b3da1935423095cf9f354a6221aa8c049cea0e334094766a3c6e41a080d049

Sharing

Copy URL

Twitter E-mail

General

Target

PyCraft-main.zip
Size

4.9MB
Sample

230714-zs9kjaga78
MD5

fd97434ef7730a37a24051bbeb3a3640
SHA1

d6a5a073e561255e3184968c5375552c5da503df
SHA256

65b3da1935423095cf9f354a6221aa8c049cea0e334094766a3c6e41a080d049
SHA512

49ac9b2309cf22d644caae3136e33a33a585566c34c8966792bed302866c0b0299f65b9d551f0082dd25d599032b652f099f45cfeea0f3c204e0bdeaac9afb3b
SSDEEP

98304:vORR6+pH9XTn7ZtBMwLubej+QM8wfeBSPQpfMjYq3QTNlOl7wj20YEbPQXT6b9I4:QpdXTriw6bej1NwW0PTc2OWcj2BEbPk0

Score

7^/10

discovery persistence

Malware Config

Targets

- Target
  
  PyCraft-main.zip
- Size
  
  4.9MB
- MD5
  
  fd97434ef7730a37a24051bbeb3a3640
- SHA1
  
  d6a5a073e561255e3184968c5375552c5da503df
- SHA256
  
  65b3da1935423095cf9f354a6221aa8c049cea0e334094766a3c6e41a080d049
- SHA512
  
  49ac9b2309cf22d644caae3136e33a33a585566c34c8966792bed302866c0b0299f65b9d551f0082dd25d599032b652f099f45cfeea0f3c204e0bdeaac9afb3b
- SSDEEP
  
  98304:vORR6+pH9XTn7ZtBMwLubej+QM8wfeBSPQpfMjYq3QTNlOl7wj20YEbPQXT6b9I4:QpdXTriw6bej1NwW0PTc2OWcj2BEbPk0
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1
- Target
  
  PyCraft-main/.github/workflows/release.yml
- Size
  
  516B
- MD5
  
  3184ed7216cec64449bda5b26e1df4c5
- SHA1
  
  570e4d20ad60d0d91b373ab090d5ed2c15354d57
- SHA256
  
  a85248155edab57febad328583d7202df6da690c64b9904e0f29c1feb1564b38
- SHA512
  
  a9c7bfdf2f2a9302bac6b45805ed879d04970a0a9c3c0e40e98abfac685c80723f1d41c33f8272fcca197fbbbc25aa7d805c906484d280b43ce3e8c0ab252dd2
Score

1^/10
behavioral2
- Target
  
  PyCraft-main/LICENSE
- Size
  
  1KB
- MD5
  
  daebd4c46db6dd8c7ea3ab2ad7fb4b43
- SHA1
  
  ce891856c9fd89d4c80ae0b42b56bcf99c02a8af
- SHA256
  
  4cdfba775bfb92aa9f6de8206ca5519015e4a9eab1197d334640d853d837acd6
- SHA512
  
  5f757a5bdc18c03346ef49c5b3c74e068ef510133dbb8bf601d66b5e76dbb3be7c7c95c79f7da3c37bb322721fabcbb6a3fc18cda7b399df9ff3945f45a16efa
Score

1^/10
behavioral3
- Target
  
  PyCraft-main/README.md
- Size
  
  7KB
- MD5
  
  c2be233502e4ffb2e063f4cc2eab060d
- SHA1
  
  b04834d5b1b871d4b9491bc5d8c0c2f19a239aeb
- SHA256
  
  226f65fc78e315fc2c5f2b378e153cb7b8fe347f3fc0f0d0b53637d5a408434e
- SHA512
  
  bc3e8bdaa890f07d03d017e12a2bbe889ba65a6b4381e710ec12b7354d80d04c12d430d25cc622db831104588f7cf6a08381259ad08e51661eaacb864ed6602a
- SSDEEP
  
  96:JVrOS27EPJMa6HoEY+sN10wlSRYogWMBi7mWvtjRy6eIkS/2of7Roe1BshT5cfud:viSP79zmgWMamW1HLGELfRuyASkEiBN
Score

1^/10
behavioral4
- Target
  
  PyCraft-main/about.txt
- Size
  
  41B
- MD5
  
  1e1759304fd4f1101fb652fe4321870a
- SHA1
  
  7317692cef235620f9b619130b8644c7a305df90
- SHA256
  
  8bb080998733fed90fee91c88d5209797ab8173bc98a6c6cd2c820b28c6e92d7
- SHA512
  
  fec805eea905355cf377471da676e925ebe77dd626e2941a79ae769a6a81074de7b8c66ab82c6fc063a12333181d3b22ffbd965ff892c086e2884caab64695b6
Score

1^/10
behavioral5
- Target
  
  PyCraft-main/authlib/authlib-injector-1.1.39.jar
- Size
  
  304KB
- MD5
  
  99715ba1c91bc2e2995237aa1a6a4967
- SHA1
  
  5e8cda9cb85e3227f60829db1e595d186543ae40
- SHA256
  
  d743dee655a1b187372398c6eb270f67503733ad03531bbc74d2bcc6f2bd0ffa
- SHA512
  
  e47913f97b68cb5f187e2ded5cc0f704fbaa9ddb37273b1b5eec7d604d40b7dfeee0692ede63a1fc636b01c59399ebc9310357e6373a5f411c0346e1f323c666
- SSDEEP
  
  6144:lZSx8gmV2rT67kf+o2PC9zKF5N4ySdAdXKzg8usREeoUaaQqFjpU4:yGgKm672LKN4ljhubefaLqFH
Score

1^/10
behavioral6
- Target
  
  PyCraft-main/fonts/GALS.ttf
- Size
  
  342KB
- MD5
  
  5cd05868bc51331f25ef5d89bca1782b
- SHA1
  
  566535dcdb864bdf34321ebecff8510a5d48dd60
- SHA256
  
  90d249b179b2ef360f690ecb9da80188af89c0414ea2ab2862c3a3c8cc4395bc
- SHA512
  
  21e7590b3c5f91b2ee9e349132fe678cca4f959f4e6f281370f4d75176ee572c3a6b31c2b0a90232abd94382ff8797276acb7427e07871e4a9edb95552e16f58
- SSDEEP
  
  6144:VaM0vQCPdsriYb2/OnVEU5EnZL36v9vfzhmXcDF:Vh0vQCPdK5E4hNuaF
Score

1^/10
behavioral7
- Target
  
  PyCraft-main/fonts/GALSB.ttf
- Size
  
  342KB
- MD5
  
  56e876251f14495fa178113cb35d033f
- SHA1
  
  93b7d4e30dd09251218456031442a88bd13b4419
- SHA256
  
  fb6cc6389aca6e486be81bf0d5769da10af09ca295a1a53abbdfe1120e9226fb
- SHA512
  
  a24568e752ea6bc06ad8d10effc9c43114ec1dd243fb7d1e36a65a7ee32f49082706fc054a1edcaebceb3fb55d7ca5ccbd7e3d0cf8aa32182cf71802009de816
- SSDEEP
  
  6144:TZZymnziZnf43Fmw2gILV2AJc1xYr+hZXvgGDj:Tvymnz4mIxFygQj
Score

1^/10
behavioral8
- Target
  
  PyCraft-main/fonts/LICENSE.txt
- Size
  
  11KB
- MD5
  
  d273d63619c9aeaf15cdaf76422c4f87
- SHA1
  
  47b573e3824cd5e02a1a3ae99e2735b49e0256e4
- SHA256
  
  3ddf9be5c28fe27dad143a5dc76eea25222ad1dd68934a047064e56ed2fa40c5
- SHA512
  
  4cc5a12bfe984c0a50bf7943e2d70a948d520ef423677c77629707aace3a95aa378d205de929105d644680679e70ef2449479b360ad44896b75bafed66613272
- SSDEEP
  
  192:qf9qG4QSAVOSbwF1wOFXuFJyQtxmG3ep/7rlzKfHbxc+Xq0rhlkT8SHfH2:kOu9b01DY/rGBt+dc+aclkT8SH+
Score

1^/10
behavioral9
- Target
  
  PyCraft-main/fonts/Minecraft.ttf
- Size
  
  14KB
- MD5
  
  d7b98c450349bef0631c7229b804a5c7
- SHA1
  
  adeaf75e88666e1987255be09e7bcc452bb4722d
- SHA256
  
  bd47314d301e50ff4d109bff28dfcf637cb7eb13945480259878b848875acc65
- SHA512
  
  b541e1231e8daf497c1c067b94e5eca6fcf1d13abf4aa76df8ed15507b45f530079b18d617bd758b66dc940a34ba410c118101ec89c4d92c5aeb276c5eb85f5a
- SSDEEP
  
  192:94XznbaOZX7UFDGkcgOE0zaIalXzVSFszkIn8gXKOrk:9UX7UFDpcgOERIaljVSFs4gXK1
Score

1^/10
behavioral10
- Target
  
  PyCraft-main/fonts/Sunshiney-Regular.ttf
- Size
  
  155KB
- MD5
  
  afbbd09b261ded288ee8e752f838e93c
- SHA1
  
  02c6d15a02e1ad3bdeba3c0df17b48f5d1272750
- SHA256
  
  beaa66fc9a78469ee6dcb5a2114a822240c7dd8cb33dfd54619b56d3e08f0e55
- SHA512
  
  147e7f5ab338dd08f1babe3cce1c1162668cb557072b42ab984bdc805aa8974c82c683c3cb55258a13e12184bebfa6197b1093bb41a5e607b813c160648b3e54
- SSDEEP
  
  1536:Dqcod1m7EwrxHY83GFwnFa/p3Sg82l1+HPcUwH6LNAnFIlALyHrYZv0lc55yydzF:xovYgCGKQByyt0o
Score

1^/10
behavioral11
- Target
  
  PyCraft-main/fonts/install_fonts_win.ps1
- Size
  
  410B
- MD5
  
  860df99b481b4f1060af56d37963ae1a
- SHA1
  
  97b5a3f13a9b643f364cc52244eaca5697dd634c
- SHA256
  
  be9a1740101c0fc3bd5adcff57c775c290b3c138c8437d870d5da9996c44fa3d
- SHA512
  
  005505b5322556abb6389d34acce45fca4a878e39334f965e5bd5fc94bbe832a91a273966ff4c642ea54bf90c724c1df9998c00091f8163620ea590554954317
Score

1^/10
behavioral12
- Target
  
  PyCraft-main/fonts/install_fonts_win.py
- Size
  
  918B
- MD5
  
  f7fac5b44c1ded9d521382ccf9f2216b
- SHA1
  
  40ca8c2105133addf500ceaccf61e89cbf832e07
- SHA256
  
  0361d3bf725d0ae10fa4f777582e970a5c354496c12233359b5d5642e8caf17a
- SHA512
  
  1074c6678652c0a2d2a0e5a3d7fd2632d6827e2a5f6fae8026b93e600c319acf097f0c46a93be910ff1a96a6c00572d17539da4a7e0514885afe09ccc8515d6b
Score

1^/10
behavioral13
- Target
  
  PyCraft-main/fonts/install_fonts_win.vbs
- Size
  
  658B
- MD5
  
  c70a09554c0fde91db29e90d685df607
- SHA1
  
  1c96906b19488c91c17b52eb4288a3c764e01328
- SHA256
  
  8187269a2001c09d596b99d1156a68e40f416066e0d36a95e4e08be40c9d2d37
- SHA512
  
  babfe3c5942062e6bab6ea99c9d36d5fc4106c50f1758ee89d7ff59a5e568aafaf5454df51699f0fc1dc891f0274a346649076d60d12918019d8bd25d96d2ca8
Score

4^/10
behavioral14
- Target
  
  PyCraft-main/img/progressbar.mp4
- Size
  
  612KB
- MD5
  
  b7012b279d107dab0f2105ff8b0c8d2a
- SHA1
  
  3f6fcecbb42bf03a523c2c2a4a41eaa97e64a599
- SHA256
  
  760fe6e8aff9c88f63bbe65cf62493d07e7c040e64152f812cec90c030247cd1
- SHA512
  
  f15e5ab8c4b6c71b97e42a6b23ec46e258ac308139c96945c78ee3cd6e03fc8ccafdf0eee361ed59553f642e4dc33238835edf046c6e838b595aed94d587012b
- SSDEEP
  
  12288:BsKm1sOh+CD841JBtrxVknGs6uE+z/yY87vQ3Qr8mZFU6oDnoXQesyyh:BsiO42BtxVkZE+z6YT3A8SFU6OuGyo
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral15
- Target
  
  PyCraft-main/img/pycraft1.png
- Size
  
  698KB
- MD5
  
  5390935bdba62916065393f70c47e383
- SHA1
  
  39dfd3482785ee591d1df213d2b8460f5dc80048
- SHA256
  
  c5ddf28c800a2d56ff0fb263e94cb63c216b6166b174b2e1ac02cb62de14e1b8
- SHA512
  
  c82d26b034c90ecdd901ad6a4594d916a4f456850d1b272b9a01097db6546ccc01dbbf7f2fadeedbe030ee33772b10ccdd814a341c32d6d3363cc51de32ddac4
- SSDEEP
  
  12288:5rxPQQq7Pqj73ga8A2hkO1jYiaoCb50Xdmhk2jqQ2cNSSQ/eq5WgnDDMWq:RxPQQJv33vVoa9LjrfISmeQW0M9
Score

1^/10
behavioral16
- Target
  
  PyCraft-main/img/pycraft2.png
- Size
  
  680KB
- MD5
  
  9dd225561eb8b4a41bfb22bf8bf34bd5
- SHA1
  
  b8397cc3009eee8351babf7102f5d4cbe4ea5d23
- SHA256
  
  d2a16f5683d2a689e84325d704c2d8c5072a1953e484fbed7d3e0154cc1696d1
- SHA512
  
  7c25bac16570f159d7f84a43bb8cc0d2a16937999d31557098f40e40e84ed7755ad1274ac919dac27ae93a2272577f95e9aeaa8d24c53085019d21e6ee384c61
- SSDEEP
  
  12288:p+hsP/41w1iUg038widPgM9rN/ovXsRLKPJkJr6F4BgcGBeywgpziHkJN:pjP/Qw1iUg0ij/wRRd0ywaO8N
Score

1^/10
behavioral17
- Target
  
  PyCraft-main/img/pycraft3.png
- Size
  
  620KB
- MD5
  
  e5032a4dbe5c093ba3a80553ebe8a1b3
- SHA1
  
  7cf355efd7b2f8739bd1027d25f3ec0acb17209a
- SHA256
  
  b4b5ea95eca79ad2963c17c99d77e0c6a7d61da2df7ff36ba2205423d7e784ab
- SHA512
  
  ecfa2a7429008bb9e32d315c1d95277c53b53cd40a654107cbbf22200a1f42b3e9de57ca0fc8663b1cbdfa3383045dbf7ba711074ad9f0b58264c01dc73783f0
- SSDEEP
  
  12288:FO/j2biVW9CPujJhbVtNJdSfIeaQfibvnlh0vYqsN5KzVogzpamFMrIWH17/:FOv8hJtNfjflh0vLWOTlRdE/
Score

1^/10
behavioral18
- Target
  
  PyCraft-main/img/pycraft4.png
- Size
  
  743KB
- MD5
  
  5767b444c43360865b7a6433f1ec4dc8
- SHA1
  
  b901abb38c2a0cc7482e2d2df52bdbc91870a4b6
- SHA256
  
  de3a361f498cc9cce939f83bed56504aba239de38fa2d4c0bea76554be3e7866
- SHA512
  
  e9ad9b8abbafd02944622871a9ffcf4a9d075230ba0cff5883726bee81cb275ec2f3140ece070d24d06189657518ae592f7bbf4d89a5958c5b89d0e8092779b3
- SSDEEP
  
  12288:k/wl9WrwS9bF0UBK4wOhruwRp73K1ErYmVYjzI+JYpVgqWflKXQnW0051nVl:VWrHF/VNruwRpe1ErYmVYXI+agL9KXQs
Score

1^/10
behavioral19
- Target
  
  PyCraft-main/install.nsi
- Size
  
  2KB
- MD5
  
  cffea90b4cf168581a155c79b62b971e
- SHA1
  
  b0f4d870e7d7c2d8b2178fc4b96e5ae805a5585a
- SHA256
  
  26d7d1f5f6fca23e3ae945ba7b8942e2370cda4aa96bf13df7d3dfd782c83bf4
- SHA512
  
  180a23ad033ab42e8ab9b8a73e2df1567d02b5d73d11f1305aff691b30a9a6375645290327236285ae422938d04c5707a8adc13d516c3b9bff168f3b01820ae7
Score

1^/10
behavioral20
- Target
  
  PyCraft-main/install.py
- Size
  
  2KB
- MD5
  
  175306f48d58e99f48675e7a96272c7a
- SHA1
  
  aff9a7c5db3ea0b708f2e9c219e55275654ceaa2
- SHA256
  
  a4da823250210c794d89d32fa0fc9ede23002cd3205f8421c1168b169a4757a9
- SHA512
  
  3778ff0de7fa2968217935f62b12f91aa5c5920e8172a0f7c6ef2d849f7cc7948960f8ed1bec66186fb29a6c58aa9a038e56ebe9e0959efa4f204ce65c639e34
Score

1^/10
behavioral21
- Target
  
  PyCraft-main/main.py
- Size
  
  94KB
- MD5
  
  b0d42f5e07f798809450bac4c37a74d2
- SHA1
  
  7bd44023f4fab9652e39750f7e6568bdf6bfcb3a
- SHA256
  
  0034f7a3fe4ed108b35ef51ca1ec2f185acc43e1645edd62b7c0c6db2212906e
- SHA512
  
  9f0d31cf693c36a38ce9f031a0609bae4273ebc43a8d0a5a18d4c51abd3cd119b5dbf33aa1ab1e53b2898322057690e3003bd8e780c3d391107b5bb16aeed7a5
- SSDEEP
  
  384:oGzBUgM6SPeAMgN++TeCedPXqdq3Yg9/mqU4e9UYzalzPy/AVBAu/zGzu8z0k3Bx:o6UaETeCetqhqU5qkGkmUm4fBqS
Score

1^/10
behavioral22
- Target
  
  PyCraft-main/main.spec
- Size
  
  832B
- MD5
  
  905990dad8d299e443d371c0913cae50
- SHA1
  
  9d021c2a441cb17f7df7e612ab05d6efef5cd44c
- SHA256
  
  a942aa42ca283d64cdeba8769a2d4b89cab078bf631a6a6054899b903e235099
- SHA512
  
  9476e32fcca35a42af7a132871a64e718593bbe187c7f29c15049da858ab92c76b7966ad074c98091d5dbddcc49115d9a4678f010e31f938166ea0aeb6d7de1c
Score

1^/10
behavioral23
- Target
  
  PyCraft-main/mod.py
- Size
  
  2KB
- MD5
  
  807121346e3b3be516d99047ceb5d05b
- SHA1
  
  8f10accea37682cfe442f27a2b7fba4e7dc8d484
- SHA256
  
  cc82098dae3c72de5cd7d7e7e2d6805f97c1de802c7df74e12d9181c646ffce2
- SHA512
  
  8556138ce0262fda9b845ed079c1113a9e700c8335f4674b5f391d71e3850d657258601591e92e25b21c08e0f9719b4eb9b83cdc7dd0d60e2ea9add4871aa58f
Score

1^/10
behavioral24
- Target
  
  PyCraft-main/pycraft_gui.py
- Size
  
  8KB
- MD5
  
  694c1f881880a2aad584d0e524f93e70
- SHA1
  
  ecf020be091c36fd9fb765b301be1ea410143811
- SHA256
  
  c8ff6eb00eb13918b913bbb91a112f0333aabc46cc60805ecbeafd25cb6974ee
- SHA512
  
  c64ea21d2655a2cad22a25a3c425fe739fadb7a0f6d8015e3e4fa625182972885c7463faf344baa4766a745995c9ebff35faa9aa2e4ffa536430497a51091484
- SSDEEP
  
  192:zScGM28RVWc4hP28RVWA4gx1uUU/U5wPrWjyZMZQ7Y2HeYV7BcL:zSq6hB+gxsUxGXZMZGY2HeYV7BcL
Score

1^/10
behavioral25
- Target
  
  PyCraft-main/requirements.txt
- Size
  
  214B
- MD5
  
  238fe484bbb7974a818b8b375be6be00
- SHA1
  
  da074e08e6642978e7d80acd5a337475232f05d8
- SHA256
  
  4628d3c443bed49221bab7f3cdbcacdbf45ce8725a89f6e87fd48814440aaaec
- SHA512
  
  f5061867ffca7d3b8767a0b17e2d44501cd403cc7bd979e519256e70f0334d38696a14715f2d92e02184e5c8c89ae9a6b2f62d72a2227bf6ca1758be6f30ab47
Score

1^/10
behavioral26
- Target
  
  PyCraft-main/skins.md
- Size
  
  1KB
- MD5
  
  6d65f790f0191813bbffe73326b78d14
- SHA1
  
  f2ea7df9352a6ef638ccb733ad5f8d6849a9e2e3
- SHA256
  
  9d1d155a189b202495a9bf5e31a926192c79c67e09ecc066f8bc10551aea042c
- SHA512
  
  a391b4a0a91a7aba70eb41d67cb35a1dc3f3371fa4167a9a3f443a4f3872f5d7d5065b2794001709fdf26e499abcecb758f363978b4dc9f1ee99d43c232be994
Score

1^/10
behavioral27
- Target
  
  PyCraft-main/speedtracker.py
- Size
  
  602B
- MD5
  
  f6b5ffe015720a6d1f3b46f553a9dbd1
- SHA1
  
  2420ead6ee74fb05dad621670d6ca781e684f0f2
- SHA256
  
  a6caeebb50eafa44d3f206fa01b4e4de519bfd20c638514cf9aa17479e7f2e4e
- SHA512
  
  e8632ab13a9bd4b3e08c37e89a44d425f91c1e8af3d8906c83b26655d5ad16e4848e95f79126991b7c1c4fb4ee7aa040f08ae9684a01754f6d6d0b66b862b9bf
Score

1^/10
behavioral28
- Target
  
  PyCraft-main/test
- Size
  
  10B
- MD5
  
  cee8ad948ac5ae0c529b1ef8cf784611
- SHA1
  
  f4b8eba694da0733d377550745d8e621e6c9e2d3
- SHA256
  
  5ab0e41d375508e757ac1e5c4301435b8825761959ac1ddf5410e96033393997
- SHA512
  
  b9ba550137ef138996401736c3f093c8e703720a8b5e2dcdf42c540e61e1cb7e156b749dff6060767934de4a71132cebc0b28a362e3136dbcc427b269bb5b7a8
Score

1^/10
behavioral29

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

T1042

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

Loads dropped DLL

Modifies system executable filetype association

Registers COM server for autorun

Adds Run key to start application

Checks installed software on the system

Checks system information in the registry

Enumerates connected drives

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29