Overview
overview
10Static
static
10Eyada - Genshin.exe
windows7-x64
7Eyada - Genshin.exe
windows10-2004-x64
9discord_to...er.pyc
windows7-x64
6discord_to...er.pyc
windows10-2004-x64
3get_cookies.pyc
windows7-x64
3get_cookies.pyc
windows10-2004-x64
3misc.pyc
windows7-x64
3misc.pyc
windows10-2004-x64
3passwords_grabber.pyc
windows7-x64
3passwords_grabber.pyc
windows10-2004-x64
3source_prepared.pyc
windows7-x64
3source_prepared.pyc
windows10-2004-x64
3Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
23-12-2023 23:12
Behavioral task
behavioral1
Sample
Eyada - Genshin.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
Eyada - Genshin.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral3
Sample
discord_token_grabber.pyc
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
discord_token_grabber.pyc
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
get_cookies.pyc
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
get_cookies.pyc
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
misc.pyc
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
misc.pyc
Resource
win10v2004-20231222-en
Behavioral task
behavioral9
Sample
passwords_grabber.pyc
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
passwords_grabber.pyc
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
source_prepared.pyc
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
source_prepared.pyc
Resource
win10v2004-20231215-en
General
-
Target
Eyada - Genshin.exe
-
Size
26.5MB
-
MD5
ee5a9db3543d621124e768e0e5db60d2
-
SHA1
2c43493f163748871c2d141efd6d063830dd1f98
-
SHA256
1fc4dc449959381784dd2500ea76de0139e40b8aca1d92e6b5d22fb6f927636c
-
SHA512
9b9fc9f8eb7a8868585ff980c5ccfea79b2b0a2f08a6281494940a5481d060123eb045b41cf8a12778ab8498713a9f4dff66e4a3169b2906abd9f0a3447a3a13
-
SSDEEP
393216:HUdMbZ0JLHdB3QNlV8VNetLV+A/pWNdW88RUarfgnfXBB1eDBzs2CUTA53Hyp:HUdMbZ0JR5Ql8+V+A/pWTW8k+CBzEfI
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process 2192 Eyada - Genshin.exe -
resource yara_rule behavioral1/files/0x000400000001cab5-1085.dat upx -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2156 wrote to memory of 2192 2156 Eyada - Genshin.exe 28 PID 2156 wrote to memory of 2192 2156 Eyada - Genshin.exe 28 PID 2156 wrote to memory of 2192 2156 Eyada - Genshin.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\Eyada - Genshin.exe"C:\Users\Admin\AppData\Local\Temp\Eyada - Genshin.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2156 -
C:\Users\Admin\AppData\Local\Temp\Eyada - Genshin.exe"C:\Users\Admin\AppData\Local\Temp\Eyada - Genshin.exe"2⤵
- Loads dropped DLL
PID:2192
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.6MB
MD587b5d21226d74f069b5ae8fb74743236
SHA1153651a542db095d0f9088a97351b90d02b307ac
SHA2563cac88119657daef7f79844aeb9da79b45c1f3bb2ea3468b0d4ed26067852194
SHA512788bb26b3f4ce99a2b49eef2742972fe843bdd97d361a6e67237f29376648ea6f874f1f6ba6dd53c74ef51a29e650a02fb99dfc30b5badfa9d2e05491f81d7d6