General
-
Target
FRASKEY BYFRON BYPASS.zip
-
Size
158.1MB
-
Sample
231101-dex4pabe45
-
MD5
be2405cb198d7705b390ba45d3e373c3
-
SHA1
29557e9362baf0543cccbdac0f3e95e261634fc2
-
SHA256
796c19c8a7db21c52c9fc97dcbeee2fa9167b60b009558f8ba2d87208780e348
-
SHA512
4e0dcaf6a77c97d7e7f9d3e59cf86c640d064520c059753f080f16485b80402cd7d1c4c6844e7b13b7f7ad425f2d690cf00bc4aecfd10ebec7e0c35d062beec2
-
SSDEEP
3145728:gNkbJ+X1nufS3s0ZtlOu6qf2MswPKEiQwJraPRVLNkbJ+X1nufS3s0ZtlOu6qf2r:3J+FufS3PLZ6qpswPIFmTmJ+FufS3PLO
Behavioral task
behavioral1
Sample
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/cache.py
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/cache.py
Resource
win10v2004-20231023-en
Behavioral task
behavioral3
Sample
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/dist/cache.py
Resource
win7-20231020-en
Behavioral task
behavioral4
Sample
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/dist/cache.py
Resource
win10v2004-20231023-en
Behavioral task
behavioral5
Sample
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/__init__.py
Resource
win7-20231023-en
Behavioral task
behavioral6
Sample
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/__init__.py
Resource
win10v2004-20231020-en
Behavioral task
behavioral7
Sample
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/__pyc.pyc
Resource
win7-20231025-en
Behavioral task
behavioral8
Sample
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/__pyc.pyc
Resource
win10v2004-20231023-en
Behavioral task
behavioral9
Sample
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/pyarmor_runtime.dll
Resource
win7-20231023-en
Behavioral task
behavioral10
Sample
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/pyarmor_runtime.dll
Resource
win10v2004-20231023-en
Behavioral task
behavioral11
Sample
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/dist/updater.exe
Resource
win7-20231020-en
Behavioral task
behavioral12
Sample
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/dist/updater.exe
Resource
win10v2004-20231023-en
Behavioral task
behavioral13
Sample
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/main.exe
Resource
win7-20231020-en
Behavioral task
behavioral14
Sample
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/main.exe
Resource
win10v2004-20231020-en
Behavioral task
behavioral15
Sample
FRASKEY BYFRON BYPASS/library/pycache/cached/cache.py
Resource
win7-20231025-en
Behavioral task
behavioral16
Sample
FRASKEY BYFRON BYPASS/library/pycache/cached/cache.py
Resource
win10v2004-20231023-en
Behavioral task
behavioral17
Sample
FRASKEY BYFRON BYPASS/library/pycache/cached/dist/cache.py
Resource
win7-20231020-en
Behavioral task
behavioral18
Sample
FRASKEY BYFRON BYPASS/library/pycache/cached/dist/cache.py
Resource
win10v2004-20231023-en
Behavioral task
behavioral19
Sample
FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/__init__.py
Resource
win7-20231020-en
Behavioral task
behavioral20
Sample
FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/__init__.py
Resource
win10v2004-20231020-en
Behavioral task
behavioral21
Sample
FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/__pycache__/__init__.cpython-311.pyc
Resource
win7-20231025-en
Behavioral task
behavioral22
Sample
FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/__pycache__/__init__.cpython-311.pyc
Resource
win10v2004-20231023-en
Behavioral task
behavioral23
Sample
FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/pyarmor_runtime.dll
Resource
win7-20231023-en
Behavioral task
behavioral24
Sample
FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/pyarmor_runtime.dll
Resource
win10v2004-20231023-en
Behavioral task
behavioral25
Sample
FRASKEY BYFRON BYPASS/library/pycache/cached/dist/updater.exe
Resource
win7-20231023-en
Behavioral task
behavioral26
Sample
FRASKEY BYFRON BYPASS/library/pycache/cached/dist/updater.exe
Resource
win10v2004-20231020-en
Behavioral task
behavioral27
Sample
FRASKEY BYFRON BYPASS/main.exe
Resource
win7-20231025-en
Malware Config
Targets
-
-
Target
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/cache.py
-
Size
2KB
-
MD5
7519218777c60df0ffc3e4ab964d56c6
-
SHA1
008d2e071a1f0c5634e8772efdd3033ab3396e71
-
SHA256
71074cab1ee11f6460ce09c5a4240df3e2e42c1169ab5b368f9adf010e3a15cf
-
SHA512
81ab7b7f54f1e47a63391a3ee4ba978807a54c43830f65e42409aff95a738bde502591e54b8da29d59e0cf735a5a043a893da1ff7b4e9a78ab2050b5063bdc12
-
Score
3/10
-
-
Target
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/dist/cache.py
-
Size
2KB
-
MD5
d9656d0f040ca522a6097eb1856e075b
-
SHA1
7fe80c0a8389f7315ad3e05f7f2e97cc96f0135c
-
SHA256
755ad113350ee4a379d29ccea1df35376ec6c5700ba01298b8914f69fd7a6c30
-
SHA512
2dae5611fd1647dcaf225a47932e6c3cfa95b65caec5cb59fd2af172d6670924079391a313960e9312c6b83e9e80939d907a2f0101be7115642ed7fad48e6342
-
Score
3/10
-
-
Target
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/__init__.py
-
Size
103B
-
MD5
9b4c436b17f43581e431200474d1f2f2
-
SHA1
efca249c0614300ad6dfac40444f7617086c4ead
-
SHA256
02b2adbb908ec88b554d8177070a1dab8032eb2f727307ad45365f5992ac2e2c
-
SHA512
91d0648777af8537e13926563cbdc520c0cf4a13cdd4b8e5adc576d545013acaaaf37dc0a00f3e0c306f2f6813a2bc5faeabaf3da81ffaadb6b1823c670ac68d
-
Score
3/10
-
-
Target
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/__pycache__/__init__.cpython-311.pyc
-
Size
247B
-
MD5
018b8c21f66d8a2ebb99eddb6f5103be
-
SHA1
78b29b7d8c3f392738ead764f826ee6863334f54
-
SHA256
e7b72629c0f7b9fa9615d1237240b491842318d1ac9f78b0c1d51f205d8bf3c7
-
SHA512
88e3c506be1a5d39126bed3c0b5c972d7a8935a1236e5ce57988f916533e60ec2b90841f816972572ebdf7ae5fc2d0ac5e3316b662e19708dc95b6e00082abea
-
Score
3/10
-
-
Target
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/pyarmor_runtime.pyd
-
Size
600KB
-
MD5
67f4b04512bb06cd50af541cd3e07ad0
-
SHA1
a4913e74341253971fcdd131c252290bcb408ff5
-
SHA256
26b332a94abb30b455884aa9205cabc8a1078d2b486af5f0095c875ff46ee3be
-
SHA512
13d99b3d23d1072884242980406a4b2657ba1ccb7fdad868ebdb264398852f10c99324dabf18d50be2dc5a300dc27124c46416deae6fdbc6b24e41497710e732
-
SSDEEP
12288:3QlwFgoOcOwdc+7fUoPkjUOWgnE7v61s:30cOwdc+7fUoPkjUOWgnqy
-
Score
1/10
-
-
Target
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/library/pycache/cached/dist/updater.exe
-
Size
61.7MB
-
MD5
ffbd03c3d389925d608907b7fddbc8df
-
SHA1
23aa84e94fb35c25cf7e394eb83d3a2c12b56e5b
-
SHA256
e58ad920ddc9b68470893f629f60edaaf8abedaa72df10671745eb0d092f84de
-
SHA512
bcc2bef5f8d0edc6017f361712595b9ed0805464ac66a7114078b8c40e8b3fa852abec0db6cbf58eb1edf8ae32e802f431fb62aecf23ec0857ff427c788a07c6
-
SSDEEP
1572864:ym6EHMiXIHPxnRF+R49qYwemWbkSSBuCy3Dm45N6aToJQERJ:x6EHcHPBCR49QedbLCuCgDmqIaTCQERJ
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
FRASKEY BYFRON BYPASS/FRASKEY BYFRON BYPASS/main.exe
-
Size
17.6MB
-
MD5
b934ee8c62d7bdb865794adfdd929856
-
SHA1
4b585e41ae72ecdff7ad017e35052ae28330bd39
-
SHA256
6cc4bb09ba75d84498fb4b8197a5e2ec4e3c6ac4a19bc6d6a114ff8e38116ce9
-
SHA512
d8d21c162646e12700385620a02dad3a85e9a9349f0315222f4b9b394d7494544b963369248087c31f69ed27090fd777216aad8fc633ffc4eed8be13ce1ee5ca
-
SSDEEP
393216:PqPnLFXlr7gQpDOETgsvfGOg+nU4FxvEMAAdjdLW:iPLFXNEQoE55U4FG0jB
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
FRASKEY BYFRON BYPASS/library/pycache/cached/cache.py
-
Size
2KB
-
MD5
7519218777c60df0ffc3e4ab964d56c6
-
SHA1
008d2e071a1f0c5634e8772efdd3033ab3396e71
-
SHA256
71074cab1ee11f6460ce09c5a4240df3e2e42c1169ab5b368f9adf010e3a15cf
-
SHA512
81ab7b7f54f1e47a63391a3ee4ba978807a54c43830f65e42409aff95a738bde502591e54b8da29d59e0cf735a5a043a893da1ff7b4e9a78ab2050b5063bdc12
-
Score
3/10
-
-
Target
FRASKEY BYFRON BYPASS/library/pycache/cached/dist/cache.py
-
Size
2KB
-
MD5
d9656d0f040ca522a6097eb1856e075b
-
SHA1
7fe80c0a8389f7315ad3e05f7f2e97cc96f0135c
-
SHA256
755ad113350ee4a379d29ccea1df35376ec6c5700ba01298b8914f69fd7a6c30
-
SHA512
2dae5611fd1647dcaf225a47932e6c3cfa95b65caec5cb59fd2af172d6670924079391a313960e9312c6b83e9e80939d907a2f0101be7115642ed7fad48e6342
-
Score
3/10
-
-
Target
FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/__init__.py
-
Size
103B
-
MD5
9b4c436b17f43581e431200474d1f2f2
-
SHA1
efca249c0614300ad6dfac40444f7617086c4ead
-
SHA256
02b2adbb908ec88b554d8177070a1dab8032eb2f727307ad45365f5992ac2e2c
-
SHA512
91d0648777af8537e13926563cbdc520c0cf4a13cdd4b8e5adc576d545013acaaaf37dc0a00f3e0c306f2f6813a2bc5faeabaf3da81ffaadb6b1823c670ac68d
-
Score
3/10
-
-
Target
FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/__pycache__/__init__.cpython-311.pyc
-
Size
247B
-
MD5
018b8c21f66d8a2ebb99eddb6f5103be
-
SHA1
78b29b7d8c3f392738ead764f826ee6863334f54
-
SHA256
e7b72629c0f7b9fa9615d1237240b491842318d1ac9f78b0c1d51f205d8bf3c7
-
SHA512
88e3c506be1a5d39126bed3c0b5c972d7a8935a1236e5ce57988f916533e60ec2b90841f816972572ebdf7ae5fc2d0ac5e3316b662e19708dc95b6e00082abea
-
Score
3/10
-
-
Target
FRASKEY BYFRON BYPASS/library/pycache/cached/dist/pyarmor_runtime_000000/pyarmor_runtime.pyd
-
Size
600KB
-
MD5
67f4b04512bb06cd50af541cd3e07ad0
-
SHA1
a4913e74341253971fcdd131c252290bcb408ff5
-
SHA256
26b332a94abb30b455884aa9205cabc8a1078d2b486af5f0095c875ff46ee3be
-
SHA512
13d99b3d23d1072884242980406a4b2657ba1ccb7fdad868ebdb264398852f10c99324dabf18d50be2dc5a300dc27124c46416deae6fdbc6b24e41497710e732
-
SSDEEP
12288:3QlwFgoOcOwdc+7fUoPkjUOWgnE7v61s:30cOwdc+7fUoPkjUOWgnqy
-
Score
1/10
-
-
Target
FRASKEY BYFRON BYPASS/library/pycache/cached/dist/updater.exe
-
Size
61.7MB
-
MD5
ffbd03c3d389925d608907b7fddbc8df
-
SHA1
23aa84e94fb35c25cf7e394eb83d3a2c12b56e5b
-
SHA256
e58ad920ddc9b68470893f629f60edaaf8abedaa72df10671745eb0d092f84de
-
SHA512
bcc2bef5f8d0edc6017f361712595b9ed0805464ac66a7114078b8c40e8b3fa852abec0db6cbf58eb1edf8ae32e802f431fb62aecf23ec0857ff427c788a07c6
-
SSDEEP
1572864:ym6EHMiXIHPxnRF+R49qYwemWbkSSBuCy3Dm45N6aToJQERJ:x6EHcHPBCR49QedbLCuCgDmqIaTCQERJ
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
FRASKEY BYFRON BYPASS/main.exe
-
Size
17.6MB
-
MD5
b934ee8c62d7bdb865794adfdd929856
-
SHA1
4b585e41ae72ecdff7ad017e35052ae28330bd39
-
SHA256
6cc4bb09ba75d84498fb4b8197a5e2ec4e3c6ac4a19bc6d6a114ff8e38116ce9
-
SHA512
d8d21c162646e12700385620a02dad3a85e9a9349f0315222f4b9b394d7494544b963369248087c31f69ed27090fd777216aad8fc633ffc4eed8be13ce1ee5ca
-
SSDEEP
393216:PqPnLFXlr7gQpDOETgsvfGOg+nU4FxvEMAAdjdLW:iPLFXNEQoE55U4FG0jB
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-