Behavioral task
behavioral1
Sample
f01ed61c293a838f8db9cd86e84eaeee.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
f01ed61c293a838f8db9cd86e84eaeee.exe
Resource
win10v2004-20231215-en
General
-
Target
f01ed61c293a838f8db9cd86e84eaeee
-
Size
13KB
-
MD5
f01ed61c293a838f8db9cd86e84eaeee
-
SHA1
f052e9481b6613588474c90395cc7a3b9339f71c
-
SHA256
c28331ddbb9f519cfe6b6dbed4f947438e2a1aa5e09a583a44321152d9bdfe90
-
SHA512
a5273c7be22b73682e9ad02c8fc6eacd4a1161335bcba1b80ac470cece1270ab24c72a88529f449e48beba8fa6b1a2cb19f104ec291bc879f3ebede406309c18
-
SSDEEP
192:F63ft5sW0h0ExU+XP5aJf9lJMCl7M+J5068KcwuZ:mtKW/aP8Jf9/XJM8pu
Malware Config
Extracted
growtopia
https://discord.com/api/webhooks/868185685511798824/n1UTeZkfBFoxLWBaV9dnLZ0QpTexYyhEZWPPeMAw8jxUZJ6gQkBUFF9Om3akpjQoXALi
-
payload_url
https://cdn.discordapp.com/attachments/805061254648954893/845198803157123072/savedecrypter.exe
https://cdn.discordapp.com/attachments/831259039135563876/844989460450115584/Screenshot_2.png
Signatures
-
Growtopia family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource f01ed61c293a838f8db9cd86e84eaeee
Files
-
f01ed61c293a838f8db9cd86e84eaeee.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ