Overview

overview

10

Static

static

10

yeno slott...yy.exe

windows7-x64

7

yeno slott...yy.exe

windows10-2004-x64

7

yeno slott...yy.exe

android-9-x86

yeno slott...yy.exe

android-10-x64

yeno slott...yy.exe

android-11-x64

yeno slott...yy.exe

macos-10.15-amd64

1

yeno slott...yy.exe

ubuntu-18.04-amd64

yeno slott...yy.exe

debian-9-armhf

yeno slott...yy.exe

debian-9-mips

yeno slott...yy.exe

debian-9-mipsel

Resubmissions

28/09/2024, 21:15

240928-z38e8azbpc 10

24/03/2024, 05:13

240324-fwdgqacf3z 10

24/03/2024, 04:50

240324-fgdh6sce5s 10

24/03/2024, 04:43

240324-fcdy5sce31 10

24/03/2024, 04:27

240324-e29xfacd4z 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    slotted_DO_NOT_LEAK_LOADER.rar

  • Size

    8.0MB

  • Sample

    240324-fcdy5sce31

  • MD5

    a7804bf3bf7a47566ec0f05625940687

  • SHA1

    8172737195dccab632224c333f6b70db8904e8fa

  • SHA256

    60eadf810d1795222cbafba0180affe1cf65cc22a565a321102b471b6903eaf1

  • SHA512

    eaa2a7908f6cb6de9c830ae4efa685624960ddc991d2178142b70fc84acf6451bc8f970105be774ebfbecfcc57d38c8ab1e4e9a42257c195b7fb0d1e73c15dd0

  • SSDEEP

    196608:7EIIN3ruklDH2CPWDxxO9Hcrbhvj2UEh5s8uMvHTQfgo92skMazlb:7E3hbVPWdg9HcrbljsvHpossXa9

Score
10/10
blankgrabberandroidlinuxmacosspywarestealerupx

Malware Config

Targets

    • Target

      yeno slotted so sexyyyyyyy.exe

    • Size

      8.2MB

    • MD5

      def8840241246f7ffd84e685fd112df0

    • SHA1

      0fe476723a584a4af31db476916b6b7b7103ced6

    • SHA256

      677d8b0da2b7f4df529b45f5546b4778ee052f8deaa55972690078547e111fd7

    • SHA512

      de06a20842be32d8a14fd8861d6f141f74055f736660899fec3f792115f9a76b41252ce4381b4cd1ccc3f41f7925f1fdb7a7ce982438c100b9a1f94ac88bd560

    • SSDEEP

      196608:fjP+sxfN+/urErvI9pWjgU1DEzx7sKL/s1tySEQAkjUWlRH2WR:7XxfE/urEUWjhEhn01tv392WR

    Score
    7/10
    upxspywarestealer

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral10behavioral2behavioral3behavioral4behavioral5behavioral6behavioral7behavioral8behavioral9

MITRE ATT&CK Enterprise v15

Tasks