General

  • Target

    f01ed61c293a838f8db9cd86e84eaeee

  • Size

    13KB

  • MD5

    f01ed61c293a838f8db9cd86e84eaeee

  • SHA1

    f052e9481b6613588474c90395cc7a3b9339f71c

  • SHA256

    c28331ddbb9f519cfe6b6dbed4f947438e2a1aa5e09a583a44321152d9bdfe90

  • SHA512

    a5273c7be22b73682e9ad02c8fc6eacd4a1161335bcba1b80ac470cece1270ab24c72a88529f449e48beba8fa6b1a2cb19f104ec291bc879f3ebede406309c18

  • SSDEEP

    192:F63ft5sW0h0ExU+XP5aJf9lJMCl7M+J5068KcwuZ:mtKW/aP8Jf9/XJM8pu

Score
10/10

Malware Config

Extracted

Family

growtopia

C2

https://discord.com/api/webhooks/868185685511798824/n1UTeZkfBFoxLWBaV9dnLZ0QpTexYyhEZWPPeMAw8jxUZJ6gQkBUFF9Om3akpjQoXALi

Attributes
  • payload_url

    https://cdn.discordapp.com/attachments/805061254648954893/845198803157123072/savedecrypter.exe

    https://cdn.discordapp.com/attachments/831259039135563876/844989460450115584/Screenshot_2.png

Signatures

  • Growtopia family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • f01ed61c293a838f8db9cd86e84eaeee
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


    Headers

    Imports

    Sections