Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
8Static
static
1Byte-Steal....1.zip
windows11-21h2-x64
1Byte-Steal...er.bat
windows11-21h2-x64
1Byte-Steal...12.bat
windows11-21h2-x64
8Byte-Steal...es.bat
windows11-21h2-x64
1Byte-Steal...ger.py
windows11-21h2-x64
3Byte-Steal...DME.md
windows11-21h2-x64
3Byte-Steal...fig.py
windows11-21h2-x64
3Byte-Steal...xe.bat
windows11-21h2-x64
6Byte-Steal...elp.md
windows11-21h2-x64
3Byte-Steal...FP.png
windows11-21h2-x64
3Byte-Steal...E1.png
windows11-21h2-x64
3Byte-Steal...E2.png
windows11-21h2-x64
3Byte-Steal...E3.png
windows11-21h2-x64
3Byte-Steal...E4.png
windows11-21h2-x64
3Byte-Steal...E5.png
windows11-21h2-x64
3Byte-Steal...E6.png
windows11-21h2-x64
3Byte-Steal...al.png
windows11-21h2-x64
3Analysis
-
max time kernel
81s -
max time network
210s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system -
submitted
10/04/2024, 00:25
Static task
static1
Behavioral task
behavioral1
Sample
Byte-Stealer-1.3.1.zip
Resource
win11-20240214-en
Behavioral task
behavioral2
Sample
Byte-Stealer-1.3.1/ConfigLogger.bat
Resource
win11-20240221-en
Behavioral task
behavioral3
Sample
Byte-Stealer-1.3.1/Download-Python3.9.12.bat
Resource
win11-20240319-en
Behavioral task
behavioral4
Sample
Byte-Stealer-1.3.1/Install-Packages.bat
Resource
win11-20240221-en
Behavioral task
behavioral5
Sample
Byte-Stealer-1.3.1/Logger.py
Resource
win11-20240221-en
Behavioral task
behavioral6
Sample
Byte-Stealer-1.3.1/README.md
Resource
win11-20240214-en
Behavioral task
behavioral7
Sample
Byte-Stealer-1.3.1/ScriptConfig.py
Resource
win11-20240221-en
Behavioral task
behavioral8
Sample
Byte-Stealer-1.3.1/buildExe.bat
Resource
win11-20240221-en
Behavioral task
behavioral9
Sample
Byte-Stealer-1.3.1/discord-logger-help/Help.md
Resource
win11-20240221-en
Behavioral task
behavioral10
Sample
Byte-Stealer-1.3.1/img/BYTESTEAELRDSICORDPFP.png
Resource
win11-20240221-en
Behavioral task
behavioral11
Sample
Byte-Stealer-1.3.1/img/SCREENIE1.png
Resource
win11-20240221-en
Behavioral task
behavioral12
Sample
Byte-Stealer-1.3.1/img/SCREENIE2.png
Resource
win11-20240221-en
Behavioral task
behavioral13
Sample
Byte-Stealer-1.3.1/img/SCREENIE3.png
Resource
win11-20240221-en
Behavioral task
behavioral14
Sample
Byte-Stealer-1.3.1/img/SCREENIE4.png
Resource
win11-20240319-en
Behavioral task
behavioral15
Sample
Byte-Stealer-1.3.1/img/SCREENIE5.png
Resource
win11-20240221-en
Behavioral task
behavioral16
Sample
Byte-Stealer-1.3.1/img/SCREENIE6.png
Resource
win11-20240221-en
Behavioral task
behavioral17
Sample
Byte-Stealer-1.3.1/img/VirusTotal.png
Resource
win11-20240214-en
General
-
Target
Byte-Stealer-1.3.1/ConfigLogger.bat
-
Size
49B
-
MD5
aa02d6b4fff3cb9849ae186a8a8ad459
-
SHA1
94404f3a23b40a3d109eec3c618f9692ee958332
-
SHA256
6a8a26ee42a1a68e84e4a0b48f4599164eff8bda7894f2c832337c6af9b4bf2d
-
SHA512
aef4267a4c083abec885856664b450cf3a3dba5849be1729894fa6844877cd9cfc1881942346bc8540c17848d1e66ba3d708b5ec0df73cd9ff9c854af6913654
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1980 wrote to memory of 1900 1980 cmd.exe 81 PID 1980 wrote to memory of 1900 1980 cmd.exe 81 PID 1980 wrote to memory of 1900 1980 cmd.exe 81
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Byte-Stealer-1.3.1\ConfigLogger.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:1980 -
C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.42251.0_x64__8wekyb3d8bbwe\AppInstallerPythonRedirector.exepython ScriptConfig.py2⤵PID:1900
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.DesktopAppInstaller_8wekyb3d8bbwe\TempState\AILog.txt
Filesize495B
MD5445054754aab81d53b48e222926e0339
SHA1dbb530dc4f5bfd822a84840b2b84f8f809378b4a
SHA256e085b726996c9d5549096f4f6cf2510a7924cc5afe0046609593f698c400e8d8
SHA51231ce3e4dfd44ce34b8ca7b795a49875dba42b6b9835c580b948b100b99185c2eeaca61677a6a8323415313999fcf1f34fde45fa072a59dc3678bceff60302824