Overview

overview

7

Static

static

3

TeddyPcFiles.rar

windows7-x64

7

TeddyPcFiles.rar

windows10-2004-x64

7

TeddyPcFil...n).exe

windows7-x64

7

TeddyPcFil...n).exe

windows10-2004-x64

7

TeddyPcApi...ts.pyc

windows7-x64

3

TeddyPcApi...ts.pyc

windows10-2004-x64

3

config.pyc

windows7-x64

3

config.pyc

windows10-2004-x64

3

main.pyc

windows7-x64

3

main.pyc

windows10-2004-x64

3

saved_account_db.pyc

windows7-x64

3

saved_account_db.pyc

windows10-2004-x64

3

TeddyPcFil...g.json

windows7-x64

3

TeddyPcFil...g.json

windows10-2004-x64

3

TeddyPcFil...b.json

windows7-x64

3

TeddyPcFil...b.json

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TeddyPcFiles.rar

  • Size

    15.0MB

  • Sample

    240302-yxcwpagh3x

  • MD5

    92ea86159fe1bad39d728cf8f39180ce

  • SHA1

    9095fe0ab27975347ab5097182d1e99c51ca7cbc

  • SHA256

    96930d130b4ba009076120a31f70314290241ba2243f6bd5bde14cc6dc170c8a

  • SHA512

    ea9501fe401940bb544da6391aac673932522bf94e1738fbe3cd52c53a308e2320c0d227e2a63e19680e567d2761eca46051608137d22ddb53b2958e06832843

  • SSDEEP

    393216:d0HT0/er7aPo9leU11KPHsXCdgYpmU8O3N4FW:d0meKPsPGP2YoOuI

Score
7/10
pyinstaller

Malware Config

Targets

    • Target

      TeddyPcFiles.rar

    • Size

      15.0MB

    • MD5

      92ea86159fe1bad39d728cf8f39180ce

    • SHA1

      9095fe0ab27975347ab5097182d1e99c51ca7cbc

    • SHA256

      96930d130b4ba009076120a31f70314290241ba2243f6bd5bde14cc6dc170c8a

    • SHA512

      ea9501fe401940bb544da6391aac673932522bf94e1738fbe3cd52c53a308e2320c0d227e2a63e19680e567d2761eca46051608137d22ddb53b2958e06832843

    • SSDEEP

      393216:d0HT0/er7aPo9leU11KPHsXCdgYpmU8O3N4FW:d0meKPsPGP2YoOuI

    Score
    7/10
    pyinstaller

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      TeddyPcFiles/Teddy PC (main).exe

    • Size

      15.4MB

    • MD5

      31183e0d16f4c66a59e6989212ade4e0

    • SHA1

      c8ba290a15f9086b55504083c96a4f4391ec22f8

    • SHA256

      1e440b158dc8162de4704d5985c4c15000df2e2b703dfeaec22fbe6bf7a59b73

    • SHA512

      237a70a53ca0f8c9cf51e755355210220fd04d0f621e331eab4530d897edd18de699488907ff01ce2836ad1c22253323b2a5146b511196f9c6e60ea9676c6a55

    • SSDEEP

      196608:Mq9XaO93xXh04A1HeT39IigwIc0/ajaA0W8/LV2ck3FEpXSOq33NUqfEx:8eXh0h1+TtIiFU/MaHW8p2ypfg62Ex

    Score
    7/10

    • Loads dropped DLL

    behavioral3behavioral4

    • Target

      TeddyPcApiRequests.pyc

    • Size

      44KB

    • MD5

      503feaa89ec55b48ba0d250eb0efddb7

    • SHA1

      a364d04b1361aa8dbdf45bd08f8ac27c487f9d70

    • SHA256

      3c7da6fe6d091ea44d2c56c089178156b432971fcb5d80ca6bedb88968f8deff

    • SHA512

      9155684181e64577566b9c3c5cac002069871f7c07befbe32bcd6731055606bafb4e13f735c4f2ea6559b77142a042bc4c76f0d3e24b747d8a4c6f8ab934ccf4

    • SSDEEP

      768:zeXiyP3ZdEVwoeImGlaDgm+owijQ/s3O2:zeXiyRdEVwoeImG4DgojO2

    Score
    3/10
    behavioral5behavioral6

    • Target

      config.pyc

    • Size

      225B

    • MD5

      b6470eb0002f48e946e3d6976f1a2e67

    • SHA1

      5c7721f8214cdaa6b275a7b5f21392801c51052b

    • SHA256

      c2ba61562d0715e827ad178ae29b198bb4b36b6419be93b8e680361dea6430f4

    • SHA512

      bbe03a9249aa1a0c74574e1ae7cf5e7829044114c4797a22e62407f365188a48fd8e407b0daab6d0fc731ed27b2d1c8e11ebf640285c8bb8b3956e4a28a099c8

    Score
    3/10
    behavioral7behavioral8

    • Target

      main.pyc

    • Size

      27KB

    • MD5

      41f7c767ec1ec7826254edd468c46341

    • SHA1

      0f8c08ffbc4e4055510c5ff49182444e9f3b386c

    • SHA256

      53f793e722a296f36a0698e5a2c50858db5f034c6ad3e50b0d2935a7dfcbe0ca

    • SHA512

      9d3ed1b2cfde4cd57586d035e02066407312467411ec7f13fea2dfdd31596c928582a2aa2a44bc684edbfacf02701bdceb85466d83494846d45b0c38a0443b71

    • SSDEEP

      768:nFXTWQLa1soRhsojXN6H517YcKgir+XXZ:nhRLa1s/FH7Di6Xp

    Score
    3/10
    behavioral10behavioral9

    • Target

      saved_account_db.pyc

    • Size

      906B

    • MD5

      4c2131bab2c1c62bb506b778d5fa9f45

    • SHA1

      a68fa68093431a0e75a3e3bea89ebe032ba8246b

    • SHA256

      3c169782e1debfc895794d8be6e29ea6d9688a568bd1c7c0283b45ef0ba3efcf

    • SHA512

      408bb73fbe4a61abb478c34f7917c480d5443e3c83eff2303b986665f6f2f8b22c676e12058b968efccc27e6c20780a95770ff815c53bcbaa666f4bc3ffeee7b

    Score
    3/10
    behavioral11behavioral12

    • Target

      TeddyPcFiles/config.json

    • Size

      99B

    • MD5

      668a1b746e7bce9ff92bcf04fecb2014

    • SHA1

      83d39ef8457d8c03c7e2dff8db688833fe4eb495

    • SHA256

      c5ed2b2dcbda5dc58f8c1ad7652f0c7e0432d5900683b798b72970065817cdb8

    • SHA512

      2b11a3f36223088b203ceae4d1207f1100a6cbb44556e235f82dc4c5ea0d32798800a3b41b99f57e6a30d9a47d773f0bb1b4ca62dff8c9a00be87afbdc3a1208

    Score
    3/10
    behavioral13behavioral14

    • Target

      TeddyPcFiles/saved_account_db.json

    • Size

      2B

    • MD5

      99914b932bd37a50b983c5e7c90ae93b

    • SHA1

      bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

    • SHA256

      44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

    • SHA512

      27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

    Score
    3/10
    behavioral15behavioral16

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

10
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks