Analysis
- max time kernel: 1400s
- max time network: 1160s
- platform: windows11-21h2_x64
- resource: win11-20240214-en
- resource tags: arch:x64 arch:x86 image:win11-20240214-en locale:en-us os:windows11-21h2-x64 system
- submitted: 20-02-2024 20:10
Static task
static1

Behavioral task | Sample | Resource
behavioral1 | limited_sniper-main/main.py | win11-20240214-en
behavioral2 | limited_sniper-main/src/__init__.py | win11-20240214-en
behavioral3 | limited_sniper-main/src/buy/buy.py | win11-20240214-en
behavioral4 | limited_sniper-main/src/cookie/refresh.py | win11-20240214-en
behavioral5 | limited_sniper-main/src/cookie/user_id.py | win11-20240214-en
behavioral6 | limited_sniper-main/src/cookie/xcrf_token.py | win11-20240214-en
behavioral7 | limited_sniper-main/src/discord_bot/__init__.py | win11-20240214-en
behavioral8 | limited_sniper-main/src/handle/split_list.py | win11-20240214-en
behavioral9 | limited_sniper-main/src/handle/v_five.py | win11-20240214-en
behavioral10 | limited_sniper-main/src/handle/v_four.py | win11-20240214-en
behavioral11 | limited_sniper-main/src/handle/v_one.py | win11-20240214-en
behavioral12 | limited_sniper-main/src/handle/v_three.py | win11-20240214-en
behavioral13 | limited_sniper-main/src/handle/v_two.py | win11-20240214-en
behavioral14 | limited_sniper-main/src/lookup/reseller.py | win11-20240214-en
behavioral15 | limited_sniper-main/src/lookup/v_five.py | win11-20240214-en
behavioral16 | limited_sniper-main/src/lookup/v_four.py | win11-20240214-en
behavioral17 | limited_sniper-main/src/lookup/v_one.py | win11-20240214-en
behavioral18 | limited_sniper-main/src/lookup/v_three.py | win11-20240214-en
behavioral19 | limited_sniper-main/src/lookup/v_two.py | win11-20240214-en
behavioral20 | limited_sniper-main/start.cmd | win11-20240214-en
General
- Target: limited_sniper-main/src/buy/buy.py
- Size: 4KB
- MD5: 364ee0e570a85560a2f157f7ad18b3dc
- SHA1: 4c6fc32bc3dba082298e0cd74b820bf8ddec264e
- SHA256: 7e19fc7abed3b34b13117e8a7c9e606f6a46ed217a415e3a11ba7e02517e0cac
- SHA512: 6a4df446362f656049e88fac98bafa64a68b50e3d2c31c9864669c9febfa0f8ea89b546ece043a4884ce8cf9780556a32c249c3300fcb63a07758a649dbfc167
- SSDEEP: 96:+OeIAsXxY9+xZ3gnpoAs2v5IIAsEIAsBoWIAsJq8poAs2ISjIAs5IAs0:SIA/npoALvGIAlIA6IAgpoALIIIAaIAB
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Modifies registry class (2 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-176679640-153325197-3537295364-1000_Classes\Local Settings | cmd.exe
  Key created | \REGISTRY\USER\S-1-5-21-176679640-153325197-3537295364-1000_Classes\Local Settings | OpenWith.exe
- Suspicious use of SetWindowsHookEx (1 IoCs)
  pid | Process
  764 | OpenWith.exe
Processes
- C:\Windows\system32\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\limited_sniper-main\src\buy\buy.py
  - Modifies registry class
  PID: 2384
- C:\Windows\system32\OpenWith.exe
  C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID: 764
Network
MITRE ATT&CK Enterprise v15
Downloads