General

  • Target

    70ceb0c11838add0cfccb2efcdc8f62b

  • Size

    5.4MB

  • Sample

    231226-qb69eafccm

  • MD5

    70ceb0c11838add0cfccb2efcdc8f62b

  • SHA1

    6522e16406c85f47ead1c77315a538ee3b6294bf

  • SHA256

    fa27a3c569f5a56329af800f665eb1db353fb39c93c94446b617936f6cfd5fec

  • SHA512

    e82458c1ae70acd3c618b608e65d0332947a132e46e7f4f972204ab6718fc25ef9986f17669259cccf44006ce5f53f4cc543d01e9abb4ced1de6d3e0cbce9447

  • SSDEEP

    98304:FTX6fzwPIlCtCmZukBTrnFuaUz823LFnGk35zieIOWooX/HH9TcHk/8t3:94zwPIZBUrnFhUz823JnGk35FO9X/Hdf

Targets

    • Growtopia

      Growtopia is an open-source modular stealer written in C#.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
