General

  • Target

    Full Versiyon Decompiler.rar

  • Size

    31.0MB

  • Sample

    240419-r9spcafb46

  • MD5

    05f5cd0a3a1a4e5db2f34a704379eb6c

  • SHA1

    18243f6617ec2517452219a5e1d3cee2e5980d39

  • SHA256

    24d0fbed27eb3ac262a56211591e61b9ddb2ce45d9b9f34be78dc75f69e5df0a

  • SHA512

    0fb1d987e5796fba35509f957d01b9a7cd19363092a137d84ae3bdc18dded40fdba75449e8f526f8e06620f6f2f927dea7d3d21dafb59a7c48d54fc41296521e

  • SSDEEP

    786432:j55jpHIuxy+7SqMVwjYhTw2UAVTESD0rve+dO5hTrrZb4LfS+CeNc:jvHy+7SZ4mJ7g7e+dwTrISqc

Malware Config

Targets

    • Target

      Decompiler.exe

    • Size

      20.7MB

    • MD5

      b40a6bcc22defbebb77ea2983a7a4df2

    • SHA1

      f6425b5d296383349ae2b35613911d64774b5336

    • SHA256

      1a29391708c03be3cc6fe8f5be11415c34c12fec77c72258322f3fdeef35b08e

    • SHA512

      581ebdb5329d1049484764baea16e165c17adba3f18096d73a17b15e88fdad527931ff24382a9ea120e8735eb8d61c3781e5d011e65b29261ca5fbcba380ccac

    • SSDEEP

      393216:AqPnLFXlrfh2Jp5qC3njkVQ8DOETgsvfGF2Kgp6HgPtvE4sk2Xnqmm:BPLFXNfh50sQhEqQD6TK

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Target

      GameStealer.py

    • Size

      390KB

    • MD5

      4141f773c15ba4be83c77ef77b76ff90

    • SHA1

      63999b309981efb2e7b9c0cb9d700ff064b28974

    • SHA256

      73934fab0bde13926390305bc8b41f2489c958cd525328e61a90df7c555123a1

    • SHA512

      c7b02ee1c99df42acef22530ee70556cb89e2ff01e2a35e6dfde8dc4c19a4922e375565a763e322067a47157722457da72d0a786df3df79242d2f5c14352e8c7

    • SSDEEP

      768:eIa8fvV0Ny9CrXYQlYPzNoUdNWX9HDNyGcJPQUYcFrwgtuLb4uycKvm39vKOpuSx:aM4yC1CPzNstHvULxGHlKH0Wjtq

    • Score

      3/10

    • Target

      Saveinstance.dll

    • Size

      51KB

    • MD5

      ac2119ffe6a27c58a12fcca7c4c4a653

    • SHA1

      09cc54886389b21d23d679aea9ad3d1306949467

    • SHA256

      71079c6f00505e66c44f19445cc8333b8cd04e43347cc42750b2e4782f324e28

    • SHA512

      6f1e46fda5eb904ddeaca561608e116ecf1db56cb36fea901887dead9a3f7f77187f67ad9edd7ed465e4db37867a5c3978b87b02435bd2455ddf8e352e44845c

    • SSDEEP

      768:uEPBn4nZgENWEa5dSG1H+W39/sixLDSHMFQz3v7P/4VYn6n6k2WJkFt1ZYVx1UiY:R6WEudS2+K1sCzkWQrIfxC

    • Score

      1/10

    • Target

      Select Your game.py

    • Size

      199B

    • MD5

      ec0f787a40ea8410fbcdd5a89f7dc4a8

    • SHA1

      ced37cfff90c35693ff7cafcee1974af9697d72f

    • SHA256

      2310424e2cacbeafbb655273eeed4ea831588e69533556eaec8a35979c0513ea

    • SHA512

      b0385971e3effa048eacd91010e2502182fc69c1276d6fc92dc278c545a35a96744dfd8179570d4204e5ee260730c3cb2a758101c32b253b94b5a497f3fc8f9a

    • Score

      3/10
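To check a file against the hashes listed above without re-running the sandbox, and to reproduce the "UPX packed file" verdict statically, here is an added example in Python; it is not code from the report or from the analysed sample. The REPORT_IOCS values are copied from the tables above. make_fake_pe builds a constructed minimal PE header purely so the section parser can be exercised offline, and is_upx_packed is a heuristic (stock UPX names its sections UPX0/UPX1 and embeds a "UPX!" marker) that a modified UPX build with renamed sections can defeat, which is why the report's signature also mentions modified UPX.

```python
import hashlib
import struct
import sys
from typing import Dict, List, Tuple

DIGESTS = ("md5", "sha1", "sha256", "sha512")

# Hashes copied from the report above (SSDEEP omitted: it needs an external library).
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    "Full Versiyon Decompiler.rar": {
        "md5": "05f5cd0a3a1a4e5db2f34a704379eb6c",
        "sha1": "18243f6617ec2517452219a5e1d3cee2e5980d39",
        "sha256": "24d0fbed27eb3ac262a56211591e61b9ddb2ce45d9b9f34be78dc75f69e5df0a",
    },
    "Decompiler.exe": {
        "md5": "b40a6bcc22defbebb77ea2983a7a4df2",
        "sha1": "f6425b5d296383349ae2b35613911d64774b5336",
        "sha256": "1a29391708c03be3cc6fe8f5be11415c34c12fec77c72258322f3fdeef35b08e",
    },
    "GameStealer.py": {
        "md5": "4141f773c15ba4be83c77ef77b76ff90",
        "sha1": "63999b309981efb2e7b9c0cb9d700ff064b28974",
        "sha256": "73934fab0bde13926390305bc8b41f2489c958cd525328e61a90df7c555123a1",
    },
    "Saveinstance.dll": {
        "md5": "ac2119ffe6a27c58a12fcca7c4c4a653",
        "sha1": "09cc54886389b21d23d679aea9ad3d1306949467",
        "sha256": "71079c6f00505e66c44f19445cc8333b8cd04e43347cc42750b2e4782f324e28",
    },
    "Select Your game.py": {
        "md5": "ec0f787a40ea8410fbcdd5a89f7dc4a8",
        "sha1": "ced37cfff90c35693ff7cafcee1974af9697d72f",
        "sha256": "2310424e2cacbeafbb655273eeed4ea831588e69533556eaec8a35979c0513ea",
    },
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the digests the report lists for an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGESTS}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same digests for a file on disk, streamed so a 31 MB archive is not read at once."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(hashes: Dict[str, str], iocs=REPORT_IOCS) -> List[Tuple[str, str]]:
    """Return (target, algorithm) pairs whose report value equals a computed digest."""
    hits = []
    for target, known in iocs.items():
        for algo, value in known.items():
            if algo in hashes and hashes[algo].lower() == value.lower():
                hits.append((target, algo))
    return hits


def pe_section_names(data: bytes) -> List[bytes]:
    """Parse the PE section table; return [] when the buffer is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)      # offset of the "PE\0\0" signature
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)   # COFF NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)      # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                                  # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + i * 40                                          # each header is 40 bytes
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0"))                 # Name is the first 8 bytes
    return names


def is_upx_packed(data: bytes) -> bool:
    """Heuristic: UPX0/UPX1 section names, or the 'UPX!' marker in a valid PE."""
    names = pe_section_names(data)
    if any(n.startswith(b"UPX") for n in names):
        return True
    return bool(names) and b"UPX!" in data


def make_fake_pe(section_names: List[bytes]) -> bytes:
    """Constructed minimal PE32 header (not a real binary) so the parser runs offline."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                                                   # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + sections


if __name__ == "__main__":
    for path in sys.argv[1:]:
        digests = hash_file(path)
        print(path, match_iocs(digests) or "no match", "UPX" if is_upx_packed(open(path, "rb").read()) else "")
```

Run it as `python check.py <file>` to see which report target, if any, the file matches and whether the UPX heuristic fires. Hash matching is exact, so a repacked or slightly modified build will not match; that is what the SSDEEP values in the report are for.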

MITRE ATT&CK Matrix (ATT&CK v13)

The number after each technique is the number of report signatures mapped to it.

Persistence

  • Boot or Logon Autostart Execution (T1547): 1
    • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1
    • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 2

Credential Access

  • Unsecured Credentials (T1552): 1
    • Credentials In Files (T1552.001): 1

Discovery

  • System Information Discovery (T1082): 3
  • Query Registry (T1012): 1

Collection

  • Data from Local System (T1005): 1

Command and Control

  • Web Service (T1102): 1
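The T1547.001 and T1112 rows above correspond to the "Adds Run key to start application" signature on Decompiler.exe. As an added example of how that behaviour is detected from endpoint telemetry (not part of the report), the Python below runs over constructed Sysmon Event ID 13 (RegistryEvent: Value Set) records. The paths, value names and SID in the sample events are assumed data for the example, not values observed for this sample. It flags any value written under CurrentVersion\Run or RunOnce in either the HKLM or a user hive, and raises the severity when the registered command or the writing process lives in a user-writable directory, which is where a dropped stealer usually runs from.

```python
import re
from typing import Dict, List, Optional

# Constructed Sysmon Event ID 13 records, modelled on the fields Sysmon emits
# (EventType, Image, TargetObject, Details). Sample input only, not report data.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {   # assumed: dropped binary registering itself under the user's Run key
        "EventID": "13",
        "EventType": "SetValue",
        "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe",
        "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
        "Details": "C:\\Users\\victim\\AppData\\Local\\Temp\\sample.exe",
    },
    {   # benign registry write elsewhere; must not be flagged
        "EventID": "13",
        "EventType": "SetValue",
        "Image": "C:\\Windows\\System32\\svchost.exe",
        "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Services\\BITS\\Start",
        "Details": "DWORD (0x00000003)",
    },
    {   # legitimate installer adding a machine-wide Run value from Program Files
        "EventID": "13",
        "EventType": "SetValue",
        "Image": "C:\\Program Files\\Vendor\\updater.exe",
        "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\VendorUpdater",
        "Details": "\"C:\\Program Files\\Vendor\\updater.exe\" /background",
    },
]

# Run and RunOnce under CurrentVersion, in any hive (HKLM, HKU\<SID>, HKCU).
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# Directories an unprivileged user (and therefore a dropper) can write to.
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp|Downloads|ProgramData|Public)\\", re.IGNORECASE)


def classify_event(ev: Dict[str, str]) -> Optional[Dict[str, object]]:
    """Return a finding for a Run/RunOnce value write, or None for anything else."""
    if ev.get("EventID") != "13" or ev.get("EventType") != "SetValue":
        return None
    target = ev.get("TargetObject", "")
    if not RUN_KEY_RE.search(target):
        return None
    details = ev.get("Details", "")
    image = ev.get("Image", "")
    # The persisted command or the writer itself coming from a user-writable
    # path is the strongest cheap signal that this is not a vendor installer.
    suspicious_path = bool(USER_WRITABLE_RE.search(details) or USER_WRITABLE_RE.search(image))
    return {
        "technique": "T1547.001",
        "related": ["T1112"],
        "hive": target.split("\\", 1)[0],
        "value_name": target.rsplit("\\", 1)[-1],
        "image": image,
        "command": details,
        "severity": "high" if suspicious_path else "medium",
    }


def detect_run_key_persistence(events: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Apply classify_event to a stream of Sysmon events and keep the findings."""
    return [f for f in (classify_event(e) for e in events) if f is not None]


if __name__ == "__main__":
    for finding in detect_run_key_persistence(SAMPLE_EVENTS):
        print(finding["severity"], finding["technique"], finding["hive"], finding["value_name"], finding["command"])
```

The medium-severity hit on the vendor updater is deliberate: a Run key write is always worth recording (it is the T1112 count in the matrix), but only the user-writable path combined with the autostart location justifies an alert on its own.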

Tasks