d312dd4594de24e3c0b5258cde070351a63d7d16dd373a01fee695c34db56191

Sharing

Copy URL

Twitter E-mail

General

Target

valchecker-main.zip
Size

5.8MB
Sample

240430-swr2bsbh42
MD5

0164b30decb2a4140db760d83d219f85
SHA1

7523978ad6ccdc62190ff78641200899a6db6905
SHA256

d312dd4594de24e3c0b5258cde070351a63d7d16dd373a01fee695c34db56191
SHA512

2ed6ab855583ab2bf6923e30e9449f123e73b8de678b0c5dd8b43bee2fc1145341b873b5c8ded563c0dda616ce83f9501f8dacaf9587c741d598b71c9f8c9c2e
SSDEEP

98304:vTNrc2ZfiPyCEG3yellQXngIiDkTrNlDHfQpIyOqOhqnQXFXkpip9Bg9DgXeCG8:bNrFfiPyCEGiejQXgI9nfaTOhn9AipDj

Score

10^/10

pyinstaller

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://github.com/LIL-JABA/valchecker/archive/refs/heads/main.zip

Targets

- Target
  
  valchecker-main.zip
- Size
  
  5.8MB
- MD5
  
  0164b30decb2a4140db760d83d219f85
- SHA1
  
  7523978ad6ccdc62190ff78641200899a6db6905
- SHA256
  
  d312dd4594de24e3c0b5258cde070351a63d7d16dd373a01fee695c34db56191
- SHA512
  
  2ed6ab855583ab2bf6923e30e9449f123e73b8de678b0c5dd8b43bee2fc1145341b873b5c8ded563c0dda616ce83f9501f8dacaf9587c741d598b71c9f8c9c2e
- SSDEEP
  
  98304:vTNrc2ZfiPyCEG3yellQXngIiDkTrNlDHfQpIyOqOhqnQXFXkpip9Bg9DgXeCG8:bNrFfiPyCEGiejQXgI9nfaTOhn9AipDj
Score

1^/10
behavioral1
- Target
  
  valchecker-main/proxy.txt
- Size
  
  218B
- MD5
  
  798bcb9072071c7300fe222567dc5c44
- SHA1
  
  8db1533a85c184191956e316ea00d6ff4b328cf6
- SHA256
  
  5bc0f609a03741afae60f666a40310e7081772f4fce3d60cc06865ce457d8adb
- SHA512
  
  9ddb4c100f6aa7fc7aa881a36b7c6a2581c7c6a00f4ebde15eb8d56d1c76dc18d7213e8f3ecd0ae5659cee3ab0687640304f9c3aab591e1705749c0bfe9731be
Score

1^/10
behavioral2
- Target
  
  valchecker-main/readme.md
- Size
  
  513B
- MD5
  
  a2111f9748ffcd9e064da5e79c388672
- SHA1
  
  ee56c7eecbc06873f0189d922cd171e8fc00e044
- SHA256
  
  fd5a2de073a6067cbc10fa2cbaf957426ab1e356be3c5db1a9a037c4ed5b3470
- SHA512
  
  cc01a6f6279a8d29bb14b6e7bd8b17befa7a71652a4d8cdd473ee001461cb5dbf12428f1e350ecc4a937375b237348bc3a545db00d6e565f7a39d2c81dc0cc58
Score

3^/10
behavioral3
- Target
  
  valchecker-main/setup.bat
- Size
  
  163B
- MD5
  
  9dd7e0d665e1b26ac8c06d02e6d8a865
- SHA1
  
  b12cdecb46b1f814ce8899637621dd374ce90e87
- SHA256
  
  6e8371ec7c16919ddace4327fd09e03619dcb97c0312559eb1f1e833a744504d
- SHA512
  
  c3e71d64cd0b5e9496bb8944efed052fa9ab6ab0c1b40d3ebee7255f41a1d41cd15bfee6b1adc5372800f02f6d295f09490c55e166b7fee28fc21a0644c735bd
Score

1^/10
behavioral4
- Target
  
  valchecker-main/src/checker.py
- Size
  
  37KB
- MD5
  
  a255ffb32b82e3b55f9ad947a1728f58
- SHA1
  
  934bc0f61066896b54945ce1a926825294c7dad7
- SHA256
  
  caf6b091117e8002116d70e2aae9177f4b5cfcff8870a497888055a0e00382bd
- SHA512
  
  7bfcd000e8255c3d6755b7e206ad08bc45a3ca0ca0739d9deaf897ce64a206a3593dc9801d017a767b798934be95b638621d886b10bf95163924346166452d33
- SSDEEP
  
  384:35RBHZzNM/PXRG+HCaey8QJ1kpLR6RaGLR6RakLR6RaRLR6RaXvdWXnjJni:JRBHZzNM3RG+HJ8QJ1kpRGRkRRRETJi
Score

3^/10
behavioral5
- Target
  
  valchecker-main/src/codeparts/PCSS.py
- Size
  
  5KB
- MD5
  
  2cf60fa75a7c92c264e56f4c094dce50
- SHA1
  
  1c1bbee2100ad2460bfee7be43fec78ab51c588a
- SHA256
  
  c3bc73fbe78440513d57dd4a85ae54c62ad5e426d67113a47e8e5ca0e046b1e5
- SHA512
  
  39a5ce6c9503a47dd1350a37d6245b75b563b367b0dd902fdd3e9b73935a2d813d81df5b954b0c7c7b38d11b37c5ebf864fb14448b8b9f11b7acd82b0f2ffec1
- SSDEEP
  
  96:Fhq0YFfpHbVVp4BdQOKKPaw7QSQbx+Gz7P7PXpdz/p8b8Td:FJYFfBbVDDOKIaw7Qxx+Gzr7PXN8YTd
Score

3^/10
behavioral6
- Target
  
  valchecker-main/src/codeparts/antipublic.py
- Size
  
  757B
- MD5
  
  73c99bf9db770d692daf38c51bc8d5a8
- SHA1
  
  c80544090c4b7ddf1da79ecf3a4d888d3fc41a52
- SHA256
  
  52700affc0f4ef06f42753a28d9acdacd39bc7696a3721233e9dcb17a47cb8db
- SHA512
  
  ac424ad7aac5a52ad5deca2ad9eb38f1d5252c763b2cc1b54d4ff9d2616bd06aeb321ead3e196ec27f4b616d157e8808ccc24e5026df5f987fe84bb275a11029
Score

3^/10
behavioral7
- Target
  
  valchecker-main/src/codeparts/auth.py
- Size
  
  7KB
- MD5
  
  e29bca4f13c775925dd52d2c133011df
- SHA1
  
  0691518b93724248a1cf2b70ad6391e1e95fa674
- SHA256
  
  bf222959d05938bae4cffdeb299f01a778c0a3c36423c667d66a6629971bd918
- SHA512
  
  6767169dbba40ae7e2bba9cca0eb8a3d874fbfd63c60cb69f395ea25f84567960caa01cebb532265f0e23674b95d248fa7aa416c6236e29e4f75a19afbb43664
- SSDEEP
  
  96:mNGKhcWm/WzZeEOnBOBlO79ebbV867UP7OqWyAoQnljxV:mNGZ/WzgEABOBlO79e/V8DWyALlj7
Score

3^/10
behavioral8
- Target
  
  valchecker-main/src/codeparts/checkers.py
- Size
  
  5KB
- MD5
  
  bd6af73003f761079c65325033538977
- SHA1
  
  44e170881b55adfd7f493477f2b4528f3ec47381
- SHA256
  
  1c7100fc4cd64867e44589c7f8c74c8ae265e08e82f33cdcb66220724ec93caf
- SHA512
  
  a40d39ecf00a38be006182dfb336e4cadb6c4b5723fb4f3d771a0dd0fe382934a4202484077d9325a00de4aa8ffdba57c602cc4b0dc1f0c355002cd33507289e
- SSDEEP
  
  96:RBQ4WAYYTQrQMsmAU4fMAAuMUPYA04l9OHdA044gRI7xnVLDtsk2:Mx8TQUM9DYMAAuMUPYzaIHdzXgRMVR2
Score

3^/10
behavioral9
- Target
  
  valchecker-main/src/codeparts/data.py
- Size
  
  11KB
- MD5
  
  d8b0ba447635e49d4d28455e92f06054
- SHA1
  
  ba24ef327c68155081f34299882cf9f0347e79f8
- SHA256
  
  4186799e10afd7371912c0bb879c2570c6e870c0c21f6f189892a0147649a23f
- SHA512
  
  f0a95354b15266d57d05fd45b3827fe5a048b68bb62c41f2c10fadae5ca5b8fa1351ad5dc171398c5d787a1969d19843073e7cd676d8159e92b8f7f3b1909302
- SSDEEP
  
  192:BWuRISNQR642tnJKrrEC1QoPbk2RvmwxfuLdy0klM:E7R6x6E4QoTk2RZJM
Score

3^/10
behavioral10
- Target
  
  valchecker-main/src/codeparts/fastcheck.py
- Size
  
  8KB
- MD5
  
  c791e29effc28a6f471b6a1050190ea9
- SHA1
  
  44f5a4c8d841ac811b196562aa4d2f4abd7f2e11
- SHA256
  
  ca4977375d29628feab10085397e5cbb9dbcb8b126f16c7fb5500f8f05720ede
- SHA512
  
  2c21e3d0a921852b1af8473e4ebe91b290659d2223d047b42b4625749b8dc7e2e96d2c2b9745f2a5f082f68d5611d3e5b10dfad7aa13d7a208ca86199a16799c
- SSDEEP
  
  192:AXEz83kDOY+yvrcKD5nXWVrbvnvG6Jcl6qfLnwTo:A+UwjcKNAbvW5Dnj
Score

3^/10
behavioral11
- Target
  
  valchecker-main/src/codeparts/stuff.py
- Size
  
  1KB
- MD5
  
  c4c3219abffc7c52516c900972050fbf
- SHA1
  
  57c53750ef90bb120e52b2831ab83c26138df7b2
- SHA256
  
  bc125f246247bf737bcdc9dc5650dfec24017167bdf7b5dcabdcea6855e85658
- SHA512
  
  78b3dcf6f739d6a34d30ac2b474572701f3fb3ea795823c7cd2bdc64292368a84deeb1d92e0fc97fc75399f1b6939365fd9a7099890f6055aae4eaa911f44e79
Score

3^/10
behavioral12
- Target
  
  valchecker-main/src/codeparts/systems.py
- Size
  
  15KB
- MD5
  
  1446685330cd702119e70665453494b3
- SHA1
  
  e085b39b4a8af976fa2c82373f58da43b9d78e71
- SHA256
  
  8e303e5197068bbab8f9aa5f59ba3e13c5600bbc403181ff3d7e1b128b7e6219
- SHA512
  
  1078c8f929908d36891f4826d866008ac0ca790452d33ed2102ff1574cd0b90df1b9451b10d9bf7fe7184107e3f70d4e4f0f76ee5d1e6345802b7814a43e9ab4
- SSDEEP
  
  192:IUtS3tWnXNB3tWCd5We2C7ZvUKyTnTVTyTnTVyTO9haqwl9OKc/BAWgIUOVHK:dtS9WnXNB9WKtrUDTnTVTyTnTTO9SUQE
Score

3^/10
behavioral13
- Target
  
  valchecker-main/src/codeparts/validsort.py
- Size
  
  7KB
- MD5
  
  4f0abe54c85a869ad43d5e5f626adb40
- SHA1
  
  2abf03b810ebc89c5dfaa05d5725c219799ed6fe
- SHA256
  
  c32766fccefc71c7d5ba3221cc6a790a93cc95b1203544ee85a35bc015c43f88
- SHA512
  
  6f0679abae5d014569f3e606dda49727690bad01cec4166ad9281f0a23f8f8e4d02306e29e1e6c7a38fd88335c6338cc35680eadaa1c49359281042c4c77799b
- SSDEEP
  
  96:+/d0fXNDkTiC9OLLEDhLEhLmhLoovFAj8Ka3NvhoXJ9e9:+lsBLE9LALuLXHU2
Score

3^/10
behavioral14
- Target
  
  valchecker-main/src/main.py
- Size
  
  8KB
- MD5
  
  703c9fbee72d33fee3517f7715182706
- SHA1
  
  b824d2467eb10c3a7528c694e895468a9e612d17
- SHA256
  
  819c85acc21e10eb860a6d8104df48e3e0809ca69b8f01e851bf7c3b576055d3
- SHA512
  
  5103619d6242cb5d33062adda5d1bad5904692429f14efc2aa43d2e04fb7b5da472179722a4726ce3cea2b0bcb1805636be8bd6fcd14ee12953453283a747456
- SSDEEP
  
  192:Pb7wDCeyZ9THMUagWqHUXlaXbXlXoX9PFuB:Pb7wOxgUag90IL1YtPFw
Score

3^/10
behavioral15
- Target
  
  valchecker-main/src/system/settings.json
- Size
  
  205B
- MD5
  
  fe48fe76758a6f0435ea71dda4b962f5
- SHA1
  
  30c96ecafad0be50b624ae550c1bc8432647304f
- SHA256
  
  71c62860d973305b00ce28241eb1117bf95182f666ec92e5cf1be09f6df16052
- SHA512
  
  5c42be6ef55b3c3c87afaf4e10e5354d710c85bce8ec515dab1becb3baa359ceab31602b2ac4c0476e0e7cbcbde8780fda72c060b37b5f703c6f5cfbe9ca104f
Score

3^/10
behavioral16
- Target
  
  valchecker-main/src/system/xd.txt
- Size
  
  1B
- MD5
  
  cfcd208495d565ef66e7dff9f98764da
- SHA1
  
  b6589fc6ab0dc82cf12099d1c2d40ab994e8410c
- SHA256
  
  5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
- SHA512
  
  31bca02094eb78126a517b206a88c73cfa9ec6f704c7030d18212cace820f025f00bf0ea68dbf3f3a5436ca63b53bf7bf80ad8d5de7d8359d0b7fed9dbc3ab99
Score

1^/10
behavioral17
- Target
  
  valchecker-main/start.bat
- Size
  
  38B
- MD5
  
  4b535df2ccac4eb6326f1b013f7b5a58
- SHA1
  
  76c5682afe3891fd5687b1c0bd19eadf5603099c
- SHA256
  
  898e93f6525b1cfc1c55634d3e75ae4c7dc37545be808198514fd67e4039cb06
- SHA512
  
  559718299fc59d077365907ad21a7d1f0484419547a560729e5625ea5ed12a909312b67340631e1c2488c1da2c125d6eefdbcf54fb20325f3a9c1fe4250fd1d7
Score

1^/10
behavioral18
- Target
  
  valchecker-main/updater.bat
- Size
  
  916B
- MD5
  
  e3e309fbacad4c207f87276b0bcf3047
- SHA1
  
  8b49e7896c9ba22f8f421a77e027dc35dd250399
- SHA256
  
  d364a73520cb64d6feb233d6f6e36815aaebedd3c626c22bc68b57b978af6f69
- SHA512
  
  b9b231fbd45018f39c58f86fe2000855b336e49d28fb08ac028974b7da1c01a54be9cb4d689eff611c93d6c29a3810f3191fd6b364e05ded40f555c4028ad7bb
Score

10^/10

pyinstaller
- Blocklisted process makes network request
behavioral19
- Target
  
  valchecker-main/wifi_anywhere.exe
- Size
  
  5.7MB
- MD5
  
  4fb2ed1baf52e323acebb4aca3003e53
- SHA1
  
  5ce84718e911e1d3242fe27dd321245b88ef57eb
- SHA256
  
  c276362ccdd36a07c85bc88f601715a894c7e93c5ad41b2f4886574c5dec03db
- SHA512
  
  8f04f6cf2013f4211d36ce13f1f308c31adc241fec1cc74a3d5c23d8bd3b448836c1c58acb6c1365c5ae51fffec96316b14be5130eaeb388d2fc102a75171ae7
- SSDEEP
  
  98304:r5pH6P2uW5MI0md9g+DgeFahftplflf6dUwOEH6d8e6b0kCbhjm3OxJfIxVkN0BS:rbH6eL2Vmd6+DgTNfwZHYY0kOxJIv07
Score

7^/10
- Loads dropped DLL
behavioral20
- Target
  
  pisos.pyc
- Size
  
  207B
- MD5
  
  b0468b395f3df9e049c3eb01af0581e2
- SHA1
  
  05ef9010e1fa9065e2acc781445af645d8072617
- SHA256
  
  c5fcf93c38a6f0900c113dfd042369b2fe458c4864108edfb0293362d50d12d9
- SHA512
  
  ffab00a9775c8b754f193e2551dd699503316d675fe40e4538c5d50ed0193abfc4b0975e56c9b0d2143108ddbd69904a860e96743232493ec196ca987e7d2b01
Score

3^/10
behavioral21

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21