General

  • Target

    SkochGrabber.rar

  • Size

    846KB

  • MD5

    aa0e14690337a9c0b8ba501d90f53ba2

  • SHA1

    26b881440527449178829c2b8df29b690aca8c99

  • SHA256

    b5d8e6ab7b26792267bad6c63960401053176372de55a7eb9983385db5af0b25

  • SHA512

    e7d5c3e15c80dedb90d404b499cef821da7bd43454eb35527873e305f0f8fa8bdfa7c355f004657286ef0672837bffd792c2dfe40c0d5b5b29febfb3ab932fd9

  • SSDEEP

    24576:cJwTmHwOerC8UoHRCPTc+W6oac3ceQfX03i:rw1e37GFT7

Score
8/10
upx

Signatures

  • Patched UPX-packed file 1 IoCs

    Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 2 IoCs

    Checks for missing Authenticode signature.

Files

  • SkochGrabber.rar
    .rar
  • Builder.bat
  • Components/SkochOBF.py
  • Components/cert
  • Components/config.json
  • Components/loader.py
  • Components/postprocess.py
  • Components/process.py
  • Components/rar.exe
    .exe windows:5 windows x64 arch:x64

    9a33888e10929c185d02249d2b55c15a
  • Components/rarreg.key
  • Components/requirements.txt
  • Components/run.bat
    .bat .vbs
  • Components/sigthief.py
    .py .sh linux
  • Components/stub.py
  • Components/upx.exe
    .exe windows:4 windows x64 arch:x64
  • out.upx
    .exe windows:4 windows x64 arch:x64
  • Components/version.txt
  • Extras/icon.ico
  • Extras/unblock_sites.py
  • READme.txt
  • gui.py