Analysis tabs and scores (out of 10)

Overview: 10/10
Static: 10/10
backdoor_remover.zip on windows7-x64: 1/10
backdoor_remover.zip on windows10-2004-x64: 1/10
backdooRemover.exe on windows7-x64: 7/10
backdooRemover.exe on windows10-2004-x64: 7/10
discord_token_grabber.pyc on windows7-x64: 3/10
discord_token_grabber.pyc on windows10-2004-x64: 3/10
get_cookies.pyc on windows7-x64: 3/10
get_cookies.pyc on windows10-2004-x64: 5/10
misc.pyc on windows7-x64: 3/10
misc.pyc on windows10-2004-x64: 3/10
passwords_grabber.pyc on windows7-x64: 3/10
passwords_grabber.pyc on windows10-2004-x64: 3/10
source_prepared.pyc on windows7-x64: 3/10
source_prepared.pyc on windows10-2004-x64: 3/10

General
Target: backdoor_remover.zip
Size: 58.2MB
Sample: 230908-qr2zmaca4t
MD5: 1589c057df027d368b7ee779f35de53a
SHA1: 9aca3904d430a7e7bb3e6b2d88bf37a33d75fb1d
SHA256: a4ad54f7b4090d417182c91a216bd259272f1f37bfa06e13ef2e88b8b814b4d6
SHA512: ed8e66442dc0c96bf5aaac83d627b1ff229ca7bc4cffd48fcc1e1b9e4f57078f8d85a4048c399a8aa2b590bc5de35723aa70a8c855567908944ff24f72eded11
SSDEEP: 1572864:WbFz+luiMs5zTqmtx0TkiGTjR4vUE0YEjTcSATuwQAM0LUtFku:4m0sFTqmtikicRgUYE8SATuwQAT3u
Behavioral tasks

behavioral1: backdoor_remover.zip, resource win7-20230831-en
behavioral2: backdoor_remover.zip, resource win10v2004-20230831-en
behavioral3: backdooRemover.exe, resource win7-20230831-en
behavioral4: backdooRemover.exe, resource win10v2004-20230831-en
behavioral5: discord_token_grabber.pyc, resource win7-20230831-en
behavioral6: discord_token_grabber.pyc, resource win10v2004-20230831-en
behavioral7: get_cookies.pyc, resource win7-20230831-en
behavioral8: get_cookies.pyc, resource win10v2004-20230831-en
behavioral9: misc.pyc, resource win7-20230831-en
behavioral10: misc.pyc, resource win10v2004-20230831-en
behavioral11: passwords_grabber.pyc, resource win7-20230831-en
behavioral12: passwords_grabber.pyc, resource win10v2004-20230831-en
behavioral13: source_prepared.pyc, resource win7-20230831-en
behavioral14: source_prepared.pyc, resource win10v2004-20230831-en
Malware Config

Targets

Target: backdoor_remover.zip
Size: 58.2MB
Hashes: identical to the General section above (same submitted file)
Score: 1/10
Target: backdooRemover.exe
Size: 62.9MB
MD5: 647f5f13cc5805ec7be6db2cd75a6bbd
SHA1: 68f74f3842af9ac972b71e5c2327b86f7ede8e2a
SHA256: 96e494ea8c8db19bfdf702428fb3fe06b88a916b5044e92af6641ddd3a5c63c7
SHA512: 93979e79719b5890c142e8ce8ac8dfcf30c951a57684078a59ff8915ce55f50a4cd8fb6f9c9eefb98a2647264ee31c7b56492d1bedf08dfd81bcf768e1adcf4b
SSDEEP: 1572864:TDQPImtAPWUH5RdDMEOH5RKGvirAH8+1osuTCSxOB6xMV/Jq:TDXwKFHndDHOHn/vS6xjKcBaC/Jq
Score: 7/10
Signatures: Loads dropped DLL
Target: discord_token_grabber.pyc
Size: 8KB
MD5: 8aec4ce51e32611a7fd0c3d3b37df53a
SHA1: 050a88001122eb6e9bd8868e14d980392f8e69cb
SHA256: 539fbe4b49bb83eab970d9131c75b3a8b8728eb81d7ecf7153b2a1238eaa0dfa
SHA512: 8dc0a6455dd9604bbcd31dad923296b746f44961481d95c0f5a0a250792e3fd1116fe2d0609cbe495f9f49d74bee302d105cebb4051b78556158fc150aa39dcd
SSDEEP: 192:TgRNL7RbmujbweogNdMl7BeEJFDI2Z7w4HGz:IZlmcwpwdM7DZ7w1z
Score: 3/10
Target: get_cookies.pyc
Size: 5KB
MD5: ee8f85bda7602ba94eb4a601529a99b6
SHA1: 29fd09837aa81bd51cb1203b5a22eafb6592fe9b
SHA256: e094dbfff044bb3bd7590340317d20a0568f995f9ecb0f46f1a995e4defcc7af
SHA512: 79a23da574c146fe7a4b112341bd002f67b68ff4c6e4eaf8814b5f29dba7e07fb73be619a1fb456177329c4b3cbbd48c3efdd3648724e0bac994a6868892f116
SSDEEP: 96:5G0jBMvk89Jn96+xVBcnqiicv47CaRYubWeBYWTZzPj3tPVlc142x:5S3UYXPipv86uNe4ZPj3tPVG1r
Score: 5/10
Signatures: Drops file in System32 directory
Target: misc.pyc
Size: 2KB
MD5: e8d5156ef2ae2726b78556c96cf08a0a
SHA1: 85e6c576f04f32b77f37818ed765a47bca9ce4e1
SHA256: 4c1a1ce8d5f404de110ff32af0f196a1c4d08d204376c5b101d089b7351662e6
SHA512: 51d501476c53d37232566dc853de0e08fd18b4c48cf60cd5c285dcbc0617eef313f089f3f07c90dc142559dd91b75f34b617fd30558d086172d56fe02e055258
Score: 3/10
Target: passwords_grabber.pyc
Size: 4KB
MD5: dd70d2af5ea2ab34239b8dc0f9ec9e31
SHA1: efe2a252a1971e2ce5abbcd807da7bde7d871d88
SHA256: eeb1f51948264f9e3f39d5e12e5fbacac689a2a6d6924dfd896b3f0eb0ace7c6
SHA512: af8edebe9c91cb5ea332874aaa3ae39da353261a6b8998b0a11892667291f1a90fb10c771544067c7139a7f8076b17d4c19e305bb522a448bbe49cea432933a3
SSDEEP: 96:3APDnTWeYwh82zgWxU2i7YgzDGUzg49aekspoUU6FqeRgtNvMHn0UwicQi7:QzCEh8uVMX3vztF7U2q3kH04cQi7
Score: 3/10
Target: source_prepared.pyc
Size: 35KB
MD5: 487e5eed5d25dd75f9acd8deecadcdad
SHA1: 6747baa86104126abcefb51c0af466d865d4d8e1
SHA256: 6dc89ccd5c20cf337529ba5da86ec65ac6c93cd551c6963e3b26f3f0a3baeb0f
SHA512: e17d0214a6784508256e052d93af0985081ec389cb748fe79cbc7cab228e041f431d337c3455d13699c59af462ae90717f313f624df5c383970f6431d167617c
SSDEEP: 768:Z74yQgigcBaYcYmRXZsPozpLNBcdB4oXcdPCo:Z7Reg8aZYyKo9YdB4oXchCo
Score: 3/10