Overview
overview
10Static
static
10Fluster.Installer.exe
windows7-x64
7Fluster.Installer.exe
windows10-2004-x64
9discord_to...er.pyc
windows7-x64
3discord_to...er.pyc
windows10-2004-x64
3get_cookies.pyc
windows7-x64
3get_cookies.pyc
windows10-2004-x64
3misc.pyc
windows7-x64
3misc.pyc
windows10-2004-x64
3passwords_grabber.pyc
windows7-x64
3passwords_grabber.pyc
windows10-2004-x64
3source_prepared.pyc
windows7-x64
3source_prepared.pyc
windows10-2004-x64
3General
-
Target
Fluster.Installer.exe
-
Size
20.6MB
-
Sample
231106-nh4qraag3y
-
MD5
a38061b6378ce80dec21156a3be93bfc
-
SHA1
b53d6e1f809b83c31b305b28c566bc7c4f16ae71
-
SHA256
23293cb46bc0420025be9a619d0449158feac56bae08846d987dd52872d272ad
-
SHA512
101a4b58b16e73c662a571408688188e8ca890e8f199762270af2d97e783c925f6c627fbf4f49613d652cc523820963a79a92d51b69ccfbc46a987b33f0dfe92
-
SSDEEP
393216:VUdMOZ0JTQDXYCxnOshouIkPUktRL5KkJb8LgSUu16RCOdMs9AC:VUdMOZ0JTQ7YCxOwouYktRLIaLSSW4j
Behavioral task
behavioral1
Sample
Fluster.Installer.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
Fluster.Installer.exe
Resource
win10v2004-20231020-en
Behavioral task
behavioral3
Sample
discord_token_grabber.pyc
Resource
win7-20231025-en
Behavioral task
behavioral4
Sample
discord_token_grabber.pyc
Resource
win10v2004-20231023-en
Behavioral task
behavioral5
Sample
get_cookies.pyc
Resource
win7-20231020-en
Behavioral task
behavioral6
Sample
get_cookies.pyc
Resource
win10v2004-20231020-en
Behavioral task
behavioral7
Sample
misc.pyc
Resource
win7-20231023-en
Behavioral task
behavioral8
Sample
misc.pyc
Resource
win10v2004-20231023-en
Behavioral task
behavioral9
Sample
passwords_grabber.pyc
Resource
win7-20231023-en
Behavioral task
behavioral10
Sample
passwords_grabber.pyc
Resource
win10v2004-20231020-en
Behavioral task
behavioral11
Sample
source_prepared.pyc
Resource
win7-20231020-en
Behavioral task
behavioral12
Sample
source_prepared.pyc
Resource
win10v2004-20231020-en
Malware Config
Targets
-
-
Target
Fluster.Installer.exe
-
Size
20.6MB
-
MD5
a38061b6378ce80dec21156a3be93bfc
-
SHA1
b53d6e1f809b83c31b305b28c566bc7c4f16ae71
-
SHA256
23293cb46bc0420025be9a619d0449158feac56bae08846d987dd52872d272ad
-
SHA512
101a4b58b16e73c662a571408688188e8ca890e8f199762270af2d97e783c925f6c627fbf4f49613d652cc523820963a79a92d51b69ccfbc46a987b33f0dfe92
-
SSDEEP
393216:VUdMOZ0JTQDXYCxnOshouIkPUktRL5KkJb8LgSUu16RCOdMs9AC:VUdMOZ0JTQ7YCxOwouYktRLIaLSSW4j
Score9/10-
Enumerates VirtualBox DLL files
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
-
-
Target
discord_token_grabber.pyc
-
Size
17KB
-
MD5
e523026b612006e580e96bd9e2a8882c
-
SHA1
03b9938701f7eff11a0c3632ed805e8188598c88
-
SHA256
8ae6baddc552f9a47c488760a3d3b04f217f7c999dbffc1a548bb09532e6bf77
-
SHA512
a0f15f5edecbab4894aa3b85092fc2bde34b76f6048b198ce387d59a56d6c74969201cc43d19cd27a9ff0a6ab72268884a90ef206f0be34a5707a7f6ea24a853
-
SSDEEP
384:cGllyAavwS9F0RW807PPQviowoYbCj+Mo8WWIc02a8:cIlytvX9iRW8inQ6owoYOyM0d2a8
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
10KB
-
MD5
b38f506528b3d6d5dbd851426c347b95
-
SHA1
e91bf4ef42128267934e21be0176e552480f5977
-
SHA256
85a7c34afad2c270ca690a5b4c30cc8bf16967e623fc77f4de4497901030a93b
-
SHA512
ab110dc92eba564fd0ec6c6a75e779f588518dc1aa461f072ab02b96bc11fbe25e09faa6a556dc6a127c3e8826382697b72037a0cefbdaf32fd70a723e746295
-
SSDEEP
192:TzOCIeinQfUF9LdwOEVOFc1mNe47+o+zEzzzzz1zz+HoowAE:TzOUiQccEe4KoOIAE
Score3/10 -
-
-
Target
misc.pyc
-
Size
5KB
-
MD5
31aa260c6cdeaa9d942cd0dcfcadd16a
-
SHA1
a6818f3acf5c2ab9d65b41a81cb92b36b85cc932
-
SHA256
b522284f1a7e518c269c0414160407ec7834a4397f85ef389433b49367b5df9c
-
SHA512
0dd277ef948315a3554bd8c5110e27afa9b2eac88defc1211771c050cdd27b3668484dec35ec5c5010bff00b62c2cebd9e7286c0b114ad28437719b42bd0fc2c
-
SSDEEP
96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0nIAEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0nIAZeQ
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
8KB
-
MD5
83598b70aceb59c6110ac775b51d5b64
-
SHA1
2838321de9ef685a66af1157ef18d2ac4d9c06ab
-
SHA256
ea26e61dc4ebafcb02301290a96e6fb91ea4df1c111eb6a85f156d95c3c5d8c1
-
SHA512
c8805e7f8a4c4635b44b7611f559de53e8d90c4411631a69dcb9453e7dad13e114efa57793848717da9f410c06d194210406681a52925a0d1dec5f326f61dfd5
-
SSDEEP
192:+CE34EAL/GFf/PomdPO23NsDmqFUhkxrvP9VRvM:Y4EAL/AfRBO8NsxuOxZw
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
51KB
-
MD5
6af595271fadd2e9ce6c946b8d235ae1
-
SHA1
13ff0488c5ada57709cb8bba547d43ba6d687e1d
-
SHA256
b90b8e9af011f2de87c646efde95af7cce62dc953e4d675a046088906ddc159a
-
SHA512
855ce66a22b9aa05a5c39dd054b108c71f148d5b2993300bd29865bea43ef56117bbbfd05f6be28b37f7a2b5dec6d2a4e03f42dd278053663e1534af4a35476c
-
SSDEEP
768:xVO2+NxLa2olULdxuTxTAz+sBJsdPdb0HwcgVa+rVh:oxLaaUFAzdJs8HwcIaih
Score3/10 -