Overview
overview
10Static
static
10w-azure fixed.exe
windows7-x64
7w-azure fixed.exe
windows10-2004-x64
9discord_to...er.pyc
windows7-x64
3discord_to...er.pyc
windows10-2004-x64
3get_cookies.pyc
windows7-x64
3get_cookies.pyc
windows10-2004-x64
3misc.pyc
windows7-x64
3misc.pyc
windows10-2004-x64
3passwords_grabber.pyc
windows7-x64
3passwords_grabber.pyc
windows10-2004-x64
3source_prepared.pyc
windows7-x64
3source_prepared.pyc
windows10-2004-x64
3General
-
Target
w-azure fixed.exe
-
Size
79.2MB
-
Sample
231205-tk1prscb2s
-
MD5
386c55fcc2cdedd0582fcde5a692cb5c
-
SHA1
460f1ffc5a0426326c5e01bb7bc9ac03b0db68d0
-
SHA256
f633400fb27c3202b88f03ac6ab94d48007c51158419019300dfdb8730924b60
-
SHA512
73f3dedae22847a2d6989c5ed97ed799f50aa8b5789e3e12933d3b4712ce1d959af828d47bce391b3cd1fae4ae0c7f95669cbef1134b31b5aadda8bb9832ae54
-
SSDEEP
1572864:W2MbiJR5Q3jewElSk8IpG7V+VPhqArIE7DjCNtOWlsnghowmaOll8WCaw9FVBCds:WZbC+CJSkB05awArlu/dsghfxOll8taN
Behavioral task
behavioral1
Sample
w-azure fixed.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
w-azure fixed.exe
Resource
win10v2004-20231130-en
Behavioral task
behavioral3
Sample
discord_token_grabber.pyc
Resource
win7-20231020-en
Behavioral task
behavioral4
Sample
discord_token_grabber.pyc
Resource
win10v2004-20231127-en
Behavioral task
behavioral5
Sample
get_cookies.pyc
Resource
win7-20231020-en
Behavioral task
behavioral6
Sample
get_cookies.pyc
Resource
win10v2004-20231130-en
Behavioral task
behavioral7
Sample
misc.pyc
Resource
win7-20231201-en
Behavioral task
behavioral8
Sample
misc.pyc
Resource
win10v2004-20231130-en
Behavioral task
behavioral9
Sample
passwords_grabber.pyc
Resource
win7-20231130-en
Behavioral task
behavioral10
Sample
passwords_grabber.pyc
Resource
win10v2004-20231130-en
Behavioral task
behavioral11
Sample
source_prepared.pyc
Resource
win7-20231130-en
Behavioral task
behavioral12
Sample
source_prepared.pyc
Resource
win10v2004-20231130-en
Malware Config
Targets
-
-
Target
w-azure fixed.exe
-
Size
79.2MB
-
MD5
386c55fcc2cdedd0582fcde5a692cb5c
-
SHA1
460f1ffc5a0426326c5e01bb7bc9ac03b0db68d0
-
SHA256
f633400fb27c3202b88f03ac6ab94d48007c51158419019300dfdb8730924b60
-
SHA512
73f3dedae22847a2d6989c5ed97ed799f50aa8b5789e3e12933d3b4712ce1d959af828d47bce391b3cd1fae4ae0c7f95669cbef1134b31b5aadda8bb9832ae54
-
SSDEEP
1572864:W2MbiJR5Q3jewElSk8IpG7V+VPhqArIE7DjCNtOWlsnghowmaOll8WCaw9FVBCds:WZbC+CJSkB05awArlu/dsghfxOll8taN
Score9/10-
Enumerates VirtualBox DLL files
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
discord_token_grabber.pyc
-
Size
17KB
-
MD5
74de84c2540d7a41c6c53e1a528bf1c6
-
SHA1
dd581e009b453e5d14e9c2689b627e580c1a4246
-
SHA256
a2d1379f88e33fec958f733ea162961a43fbd21424713ba7fdc7719d597e017f
-
SHA512
4cc4e1b7ede85192ca7ba4b75acf036ff476d864abebe4f210fa3dbdf173d08098940571719caca400aeb60c0d68550d24bad9d34fc1279b055984a496086d5c
-
SSDEEP
384:cGllyAavwS9F0RW807PPQviowoYbCD+Mo8WWIc02a8:cIlytvX9iRW8inQ6owoYOSM0d2a8
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
10KB
-
MD5
d157cf31f7829c5c9c88e656409840c6
-
SHA1
1d53ed755119f80284b52f2e17198e2943452b92
-
SHA256
a68afbac4d16fa89db22d81f6010f520868fafd50c1b2c8d868a662d210301ff
-
SHA512
ccbdfc5c9db196f0a10195c6f52e6fccf073020a6715f2407da23800b12ef9bb6d7e7ffe08cbe448bea7fb7b5ef8772c931e2e129d3ec73151dafcbf7c610793
-
SSDEEP
192:TzOCIeinQfUF9LdwOEVOFc1mNe4qo+zEzzzzz1zz+HoowAE:TzOUiQccEe4qoOIAE
Score3/10 -
-
-
Target
misc.pyc
-
Size
5KB
-
MD5
31aa260c6cdeaa9d942cd0dcfcadd16a
-
SHA1
a6818f3acf5c2ab9d65b41a81cb92b36b85cc932
-
SHA256
b522284f1a7e518c269c0414160407ec7834a4397f85ef389433b49367b5df9c
-
SHA512
0dd277ef948315a3554bd8c5110e27afa9b2eac88defc1211771c050cdd27b3668484dec35ec5c5010bff00b62c2cebd9e7286c0b114ad28437719b42bd0fc2c
-
SSDEEP
96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0nIAEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0nIAZeQ
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
8KB
-
MD5
704dced7f7530b19a34a5f7a71c26b10
-
SHA1
608d9647488cfa2b5f84a891028168a973bfcfa9
-
SHA256
1fd284f1e27263bd2a16050c6989933a382c7d196f4c9f247187cc3b3f6ba3ac
-
SHA512
e4a6710abef2c45d631745c91d8135873be06e5b240a61362e341d05ecc1dedf885487a554b648c328a3c5cc17fcf74e6d066b2e3f51379358ba28c2a0f2f39f
-
SSDEEP
192:+CE34EAL/GFf/PomdPO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfRBO8NsxuOxNn
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
185KB
-
MD5
745c0bea48104c14b19211336e57b70e
-
SHA1
743b31e7aad34ac3a951ac34a3862d472c02603e
-
SHA256
d9b562bf91fa3b38d3552fd564a66a088bdfd540e14ddc5fc9865e1fc41a9d7d
-
SHA512
4de8e0e9eba51151c062162e275a26905c180ed58b28d5cce02126dbb1d8953fbc4316c3ecea56e279d64bcecad4fa14570f35d25c21be814f485550232e717b
-
SSDEEP
3072:cwLaX/UA9Mei9towPEtelZN+tVZasUngtXX8Ckn0:cwWX/9utow8cN+7ZasUngtXsCh
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1