ceecefcf9cdd5c58e5b934ae568c241986f85df3ba4648dc925fc93b2243cbf8

Sharing

Copy URL

Twitter E-mail

General

Target

plpscripts_freeV2_1.zip
Size

12.8MB
Sample

240513-srekfacg24
MD5

a236077d4478142cc405890ac29dcf67
SHA1

2727125deeeb12957ee16ee319fe1c5c4bcf3e27
SHA256

ceecefcf9cdd5c58e5b934ae568c241986f85df3ba4648dc925fc93b2243cbf8
SHA512

ebc935e4950eed03bfa8a5a003be829a469cb4653d00b74ff9ba7632b75e08ced38f1bf78052d7ecd69745a98311ec20b03d0e9c30be5387a2355528f3933002
SSDEEP

393216:yDFf6mky+kKfHX/oRGyAqlitjj+2TmpRA:yDFf6ny+TwAdRj7Tme

Score

10^/10

discovery execution

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://www.python.org/ftp/python/3.10.5/python-3.10.5-amd64.exe

Targets

- Target
  
  plpscripts_freeV2_1.zip
- Size
  
  12.8MB
- MD5
  
  a236077d4478142cc405890ac29dcf67
- SHA1
  
  2727125deeeb12957ee16ee319fe1c5c4bcf3e27
- SHA256
  
  ceecefcf9cdd5c58e5b934ae568c241986f85df3ba4648dc925fc93b2243cbf8
- SHA512
  
  ebc935e4950eed03bfa8a5a003be829a469cb4653d00b74ff9ba7632b75e08ced38f1bf78052d7ecd69745a98311ec20b03d0e9c30be5387a2355528f3933002
- SSDEEP
  
  393216:yDFf6mky+kKfHX/oRGyAqlitjj+2TmpRA:yDFf6ny+TwAdRj7Tme
Score

1^/10
behavioral1
- Target
  
  plpscripts_freeV2/1.READ ME & THIS HAS HELP.md
- Size
  
  1KB
- MD5
  
  8a8ff500a1e8aab322b0f2f586dfa538
- SHA1
  
  9dfb6fae35e1c0e1f522f074e1d7cacd84a6c2c1
- SHA256
  
  288af01e630256c1ba4724b069df571ba95e7e6f5320a00c5593927e6572db51
- SHA512
  
  7b769286e4df16e9bd008e103a36b415fdabdd3e5ece8314bfea72de6c8a13f5e86e6dc1fba26482bad983f418caec98908ae1cca8594ddba5144ea6aa6a80f5
Score

1^/10
behavioral2
- Target
  
  plpscripts_freeV2/auto_setup_install.bat
- Size
  
  2KB
- MD5
  
  bdba7ddafbddca1a9bd0ed4646819426
- SHA1
  
  9a69db7ab775800ce12e7c05e0193046b6d9ee04
- SHA256
  
  160184eb890d9d25418bba37efb2fabedb93b333de9a1fd291e233e750344a15
- SHA512
  
  7d46bc1c8723a43fe0b9a8bce21be3abad96b6bba9558bc564b9e6adfc8eebd5c94bae8839f1d4d46654a15a46398ada29aad33d18fc49efe8468d8841c69898
Score

10^/10

discovery execution
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral3
- Target
  
  plpscripts_freeV2/plpscripts free ai aimbot/aimbot.py
- Size
  
  45KB
- MD5
  
  5437f4bbc2b19716d9a4f2edf94a418b
- SHA1
  
  5a596bd86902d6358d01075fc9f8aeb3e60f14be
- SHA256
  
  73e19d2af9ebd0b19f57519b5efacc655979078b9fa0680a8c1ea4857ca1a01e
- SHA512
  
  bb3ed71217a62c7d544298c38bda92b94e98264e916b908ad8aef3b4703ecbdf9bbd4b939c77a7910dbe267618602d4a6d1eee4e8f808736a7847b2a98dc86f8
- SSDEEP
  
  768:UpwyHVyltUFxclSRGA8D1I3/yKs/bub1Y3oNwyr3R+phZRoAcrukCq56rr3O9pjn:US8AlExWSR4HbuRN3w5GikOqpN/9rVdn
Score

3^/10
behavioral4
- Target
  
  plpscripts_freeV2/plpscripts free ai aimbot/config/best.pt
- Size
  
  13.7MB
- MD5
  
  d5ce66170bbd72266e2d12585de8ac11
- SHA1
  
  faac21219cc40ae3b48480fb6a300c557a7c1f7a
- SHA256
  
  b379b9fb2d9a63e382fd14a4b4fbefc2cc51648a148fef5223cdd02aa0a1ec16
- SHA512
  
  335170eb18779c9a63ebb873fd4dc67442bbeda0acbeb1adf6d2d80502b275df88427261590ee3dac7455478b9cbc9640b6637eb72385421301c170329f20298
- SSDEEP
  
  393216:wMdDnlis8Elweg4SEJz0qjM8Jl2p1rkRJDKrd+h7tG+KGLE17aW6M+:wMssHlweg4SU0qTrAk3G8E+K1OW6M+
Score

1^/10
behavioral5
- Target
  
  archive/data.pkl
- Size
  
  87KB
- MD5
  
  adfa40b240ba8f37e1200da44f9a16c1
- SHA1
  
  f3690f553394ab1c2dec6e6ff8a8f186058297d6
- SHA256
  
  56533e4fe0e01d6362379ce8911c2e48a40a79f9c0a0d9f03a45d9bd4dbb76fc
- SHA512
  
  a6b714eb4bd15293c19937fc9f303ac7392e02643cd3e69831c325f8805b1216e299500ef04ce40471d4d4ed5f908c4f24c2d86ead6f83a4771acc5d9b93990c
- SSDEEP
  
  1536:UEdS4MBU+ONaVqI+VFxB/tO6FwdpGoRGjuDp9zsdmSZsI/e1oz/S6BAh2BUuLYsZ:UQzfdq+LBA0BUuLYsdsZLM2Ye5wC41r/
Score

3^/10
behavioral6
- Target
  
  archive/data/94907481988160
- Size
  
  64B
- MD5
  
  e764a1a574752a7ffe63b5b0ffc2cbb1
- SHA1
  
  6eb063298abaa5d1006891265bdb27f175c86e3f
- SHA256
  
  ded743e6760757cc621055ff97a2d85d2cf0ac2b77c2bd42eeefcca6e85627a2
- SHA512
  
  83635c17c002bb938c41715a0b130b1452982bbb8de4cc46b8fa922dfb3f377c394af7470fb81389e803b6bb54e337b025f9db9b9e57dd6f8862ce0d212eb57a
Score

1^/10
behavioral7
- Target
  
  archive/data/94909076651120
- Size
  
  128B
- MD5
  
  f5dd7703ad73ed4b973d28f0ed1c92c4
- SHA1
  
  2228f87add9702b568a0f8062edcfb22edc887bd
- SHA256
  
  ed29b2c57faa2323d37947b8e1d1bf7ac1363642239f99d9d5af8f4e6d04b7e9
- SHA512
  
  92b72dfb61da1e45df2f911f783f5012a5d21ed9f9de858839df4d07f72460cb2ad5c2aef01205e810e6f87fa9d77d9452f462ad78a076231f83e9b49769e834
Score

1^/10
behavioral8
- Target
  
  archive/data/94909076651216
- Size
  
  128B
- MD5
  
  a73192facf336c150aad378afae9a670
- SHA1
  
  66c6a77a941ae312d5f4726db03ca14c998e4c6c
- SHA256
  
  9f471a9bf350f3d238415f6e1ec859bc2412867724f89b9c043ec6ce38756fdf
- SHA512
  
  2e6458beb213dcb43cb70068ffa66898325ad1a22d56f801d97177ddbf4fa559d9ffb0da9cdca43d554b967b8dd1743b5e2b8a342a16f6d6b6ba4ec1d45209af
Score

1^/10
behavioral9
- Target
  
  archive/data/94909076760992
- Size
  
  8B
- MD5
  
  33cdeccccebe80329f1fdbee7f5874cb
- SHA1
  
  3da89ee273be13437e7ecf760f3fbd4dc0e8d1fe
- SHA256
  
  7c9fa136d4413fa6173637e883b6998d32e1d675f88cddff9dcbcf331820f4b8
- SHA512
  
  991294f43425a5b80f8a5907ca7cdbb611401282585a58bb415077005428e3b4c0f661fc07ba5c45f627bd8bdcb172389ce2fda461c029b837abc70f0abbea20
Score

1^/10
behavioral10
- Target
  
  archive/data/94909076785696
- Size
  
  128B
- MD5
  
  f91966bf6932aa58c6d3f79239c2c87e
- SHA1
  
  744b346bc26ae84d5a91002298b8876f27556e92
- SHA256
  
  e82323f0446b4291bc4140710ff55bab84bade39743d3f3693d1ddb3fc71b8c5
- SHA512
  
  082fc95fc7d27e6c85c1096ad173d56828d8dd234fbd8588fa1dbd47a2bfed654f2e9986e833dcd30c70c2ac306927d73ddb714a7ef451074a9da0629abf81a8
Score

1^/10
behavioral11
- Target
  
  archive/data/94909076797712
- Size
  
  4KB
- MD5
  
  f6b0e9aea2ff1c7f18f20d7ae786e103
- SHA1
  
  7f729891f335ae94cb8c6fa068d3ea4a412a5d07
- SHA256
  
  6600dbfd1c60216cf7363241c9917b173f4083856134a2b65e5652316847f117
- SHA512
  
  cf869416fa20a3ca731bc86f5acdf218178abf947ec10058ca77be083b5e3fc0ef1862eb3fa6dd412ebe0fc875d187f73c9d34d7815be4ceac4835f0c1760c83
Score

1^/10
behavioral12
- Target
  
  archive/data/94909083665328
- Size
  
  256B
- MD5
  
  6ce5de14b7930d1c260ed733818727a3
- SHA1
  
  e567354905245825ee3a220fd457fca7c7deb88a
- SHA256
  
  224cc0704745f0b867fbab33270cd63dcd7c094ba2ce205c3669b98b977f82a0
- SHA512
  
  938a51c696e8682336262bc33322c60d50c03caf5e23dab63181cac697d8349725e47192ed9b900ba9a2859639973bc0e848c82762736a1fcfb0d60ac68f68d5
Score

1^/10
behavioral13
- Target
  
  archive/data/94909083860848
- Size
  
  64B
- MD5
  
  c7639f87491ce88cb9efd55eeb2b44ea
- SHA1
  
  29de623cb20e27939b3ba7bcd4806a63eda5f98e
- SHA256
  
  32689b9dce5fd742e33a8ade93bda5e3247f86215b8fe484737b879535db8a46
- SHA512
  
  528a9aa43d9d8d84eb852797a04be1e504307948c9ff142570f364308183897040c30f60a8524560a4cebf993b315666ef91ef9fe0777651c9dd3e3e175eb8f8
Score

1^/10
behavioral14
- Target
  
  archive/data/94909084060304
- Size
  
  256B
- MD5
  
  d47faacdded0abcc6e536b4590508cf3
- SHA1
  
  89ec7b85d58ae9e0491b84e636e8a8c6d69cca13
- SHA256
  
  ba838be346ea96c76c6ba1ef3c84f3bf3e8280b6a3b7ad4a4bb4975f9abe8ba2
- SHA512
  
  1fe516ce019f64a0bbd7e349f1b2747aa22e118625a1ca381f605c4ac6dca80239be9bf3fbec0cbdbf859c4faa1c326ed2106be537a708aafdbd3111a268ea43
Score

1^/10
behavioral15
- Target
  
  archive/data/94909084374192
- Size
  
  16KB
- MD5
  
  f9e009acf17027d16a9bf1787754b1b4
- SHA1
  
  d966fa0b954c41a9f30ea8b772f259b604ca7493
- SHA256
  
  7e522636ba07aae98b4e255e558b6891962c0c4f18cb27fc2f68be7641d7ae1f
- SHA512
  
  43cd34f4e5cf34246e18d8ac4b672f999eafd8e4009b371218c8efb99f2b16e398b2a8a1ca732397661250c6acae8946018fab145b2e194c065c016686210135
- SSDEEP
  
  384:pwogcyOgv0ua6XUt6g9o4Jk6AH0a5XH+sf+JJ:GoRyvcupXm6ejGbTusf+JJ
Score

1^/10
behavioral16
- Target
  
  archive/data/94909084374288
- Size
  
  128B
- MD5
  
  3ffb53e2b4fced1b45ea28d5467257e4
- SHA1
  
  21bb267d3485ce3622099b605a4a3f2d0008e21a
- SHA256
  
  8cf4cd2059cc2d6bea186420f9b69e23291dde76310eeb0364bab97bf51874c6
- SHA512
  
  bea0d174af18e1fcd6366ff28da58368d9eb1149552720e237016762c5b28a6e13b0a5bd58ebf51a85d3083ccf331aff3d7909537e8c5cf7bb04272555f2f1c3
Score

1^/10
behavioral17
- Target
  
  archive/data/94909084501856
- Size
  
  128B
- MD5
  
  06916c53a2d2b055d767329d45918f52
- SHA1
  
  685f332d56fa4081079cab73cf1f50e996002760
- SHA256
  
  c0129b9bb9c418ec07fc35e2bb39f860fc4d08ef40cbef9253bdf5695bddc596
- SHA512
  
  87efa37578b70b04e6aaa848bc1ac93f6cc35338c87ade74c4ed050e2e62bfa08465dbcbf59dcf8654c96bbce8c5c2cb28214c05f4167602a957774319d522e9
Score

1^/10
behavioral18
- Target
  
  archive/data/94909084582784
- Size
  
  128B
- MD5
  
  bfa725f1ac760f2838d72aa58b50855f
- SHA1
  
  8c8cc78f80824aafd6614573d53915b93f3ef53b
- SHA256
  
  0ab4207cc2bf272fd193fb628331337ef013223acb2295e4fb1396e8e87d9af5
- SHA512
  
  d24e8b5760fd2ef4df32ecf013d4bc7f65f3844bcd0877ef1176067cedbdaac5723255e588f662bdf694ca7224c87f7bd1301e948a539c212898ee28f21d42af
Score

1^/10
behavioral19
- Target
  
  archive/data/94909084647568
- Size
  
  128B
- MD5
  
  efa235552ca54101de099cafc1d2c150
- SHA1
  
  1b07d4418a0c0374dd9145bb1afba362e62225da
- SHA256
  
  f1d70906dd9fa1893272521d573043578266f6bbd2c6585b4fb768441e091cb3
- SHA512
  
  647c89c5f7fad6ab205f53a5bb65449edfdfd1c4913db836b7900ec200cf93f36d0d4e6834e627168ccf8f9ba9efc821f2178e614015e3ad6297d19ff4042c5a
Score

1^/10
behavioral20
- Target
  
  archive/data/94909084701936
- Size
  
  256B
- MD5
  
  7ceb035515a4c018f7039ad7e7275525
- SHA1
  
  6fcb010629a73d70bc60291265df05f53573338e
- SHA256
  
  bf4d2fb385040143fda119a0adf4df15ed6d0b17a1832fefc68b8ba4dc4478b5
- SHA512
  
  052632c7d6932b63ac1ad889dd4259e8a6978bd572957b2d8c02ff36e2bc0278638dd19591072c6176ad450b5b0e623fa0217dad055e69c3d1c9639196ffaab9
Score

1^/10
behavioral21
- Target
  
  archive/data/94909084741200
- Size
  
  128B
- MD5
  
  a4783c3aaaeac18c30c2c9bb7adfa3ad
- SHA1
  
  eee96aa847bb7b54e92be4042982e1d2ae93b484
- SHA256
  
  7e2bb5f93f147e8b0ad259b8898b4298c1ba416b30fbad6a96f827f594a5df41
- SHA512
  
  f695c49d18275926ebf3b85b5c4d5c751e9d8ad914fe24c26e68b6a10c6e289d28101281bcd93ce9bca1b49c3e10decf3c19d283e733e2fe9731229c59d92bed
Score

1^/10
behavioral22
- Target
  
  archive/data/94909084778800
- Size
  
  64B
- MD5
  
  55caad3f84f418793703609ea3fa06a1
- SHA1
  
  7b34ca4087f1acc81115a90d8bac0318957f1d4d
- SHA256
  
  657c8e77db07e5ee10fa9e59b4a18bd3553710c0674c4028a3ddecd991cebc46
- SHA512
  
  2317de2dea846213012b1b82c11cecb6a8fa9f032f2f5a2258145bbef55c5a11418da3b1195dc794e7c2f89249a2574c9049640ce557b47fa93daa465cf2f645
Score

1^/10
behavioral23
- Target
  
  archive/data/94909086274048
- Size
  
  8B
- MD5
  
  33cdeccccebe80329f1fdbee7f5874cb
- SHA1
  
  3da89ee273be13437e7ecf760f3fbd4dc0e8d1fe
- SHA256
  
  7c9fa136d4413fa6173637e883b6998d32e1d675f88cddff9dcbcf331820f4b8
- SHA512
  
  991294f43425a5b80f8a5907ca7cdbb611401282585a58bb415077005428e3b4c0f661fc07ba5c45f627bd8bdcb172389ce2fda461c029b837abc70f0abbea20
Score

1^/10
behavioral24
- Target
  
  plpscripts_freeV2/plpscripts free ai aimbot/config/config.json
- Size
  
  128B
- MD5
  
  5ee59ac57be37e0b2ab179af68aad4b1
- SHA1
  
  c6e681cdab7884b0c80a8ae7302374cd45dbe54f
- SHA256
  
  2194357ade9d124e18971d858b7939a94d25f3fba5b2370bec85c0221898255a
- SHA512
  
  b7033c05aad45084f6577c9b07597c8eeacc5d7e918d68ddbb4595bc8a5ca115a6455816b9745a5927a542bae55897c0a3fb4b246197ef3340df679c5ba9a317
Score

3^/10
behavioral25
- Target
  
  plpscripts_freeV2/plpscripts free ai aimbot/config/style.json
- Size
  
  6KB
- MD5
  
  ab87e9827834ee80fd508f1da59e9cf4
- SHA1
  
  a33efb8fd212482d0e500293aacf12c824a61c30
- SHA256
  
  a5b5b03e8095cb4aa9d443de8bd6e9089b01d0044a4ae188713827ba3b2d21c1
- SHA512
  
  1988abcf1b7ebbe1bda65731dd332f66c16237550914513341035c1a46f9f67fc069f6b528a16dd14f565f9f9f1a3456c40640115a11b36173b7d07bfb3258bb
- SSDEEP
  
  48:p7dZwdZSFQlZY9TSCZlVZ8YQ8FZTJ0KCZsgZwkZ7MmfqCZ9mgSCZk/cZKjDEfSCR:pfcSeYr98YfCRtXN74wJeOSLCCaHYq
Score

3^/10
behavioral26
- Target
  
  plpscripts_freeV2/plpscripts free ai aimbot/main.py
- Size
  
  11KB
- MD5
  
  278b94da858a87ef65c1ddb484393078
- SHA1
  
  71ce6717e419421f16fda9172de23b1c52fd6292
- SHA256
  
  3424487c41c79ecd49110347c89460116d4fefd1725d84390dada977341a6bf3
- SHA512
  
  c1acace3f5911c641b1b9b87813c7fa9008fc1444218403ff36278818c86b9f36e8b41c03a20964f0c6577ef00b27134df83426227c94761b28508f8e197fc82
- SSDEEP
  
  192:G3cikohsCfRiF0OGaVOIJADz1ryh2A98DOD+qPwK4o7uSiWxtYTo1i:GMizsCGCalEvA9eOy8TcWyki
Score

3^/10
behavioral27
- Target
  
  plpscripts_freeV2/plpscripts free ai aimbot/plpscripts_freev2.py
- Size
  
  20KB
- MD5
  
  1cd6ddacfd0574940e0b6db3c15e2ca9
- SHA1
  
  60878df601182387c53c0ff04568848344d81efe
- SHA256
  
  d19dd7dd045d9689038b12048df58afca4fb0d0e58b4588322abb6d3be1f1962
- SHA512
  
  51a3506737bc633cdeecf690cb780a0a27d9a5a984343e25e90153f7a8ed8b070100c6ba155abe4b00cbbd31f55b3801d0b2feae7511898a4d9ce66e5f4f4947
- SSDEEP
  
  384:vedcru/zST5dtFzRZADgnlBxOLOW/ra6GPEt4doE6fSfbjYFLAXdhiJAPjEZqwPn:veyu/zw5fFlmDtOVNEtPfK0VANhFjOqM
Score

3^/10
behavioral28
- Target
  
  plpscripts_freeV2/plpscripts free ai aimbot/pyarmor_runtime_000000/__init__.py
- Size
  
  103B
- MD5
  
  b531b298be665224d9033ce2cc9f8e66
- SHA1
  
  92f4036fe8225e2b35631b49e8fff4fd72b180b1
- SHA256
  
  7072222a776c768ede0d208609b9948e13b99c3c666085f924f0bf7064e449cf
- SHA512
  
  717dcb8ce03b46ee2d98fc3359a859593e8cf783a1904c57aea84640dabaf058b9d5060019046a056e2d9740ebbfa06556232fed4f24b38acf3e953574de69f6
Score

3^/10
behavioral29
- Target
  
  plpscripts_freeV2/plpscripts free ai aimbot/pyarmor_runtime_000000/pyarmor_runtime.pyd
- Size
  
  619KB
- MD5
  
  ad2f4d832ae9af7f18be8dba02d3aaff
- SHA1
  
  7f3f536d2aab7eb9b570b109c4befa16dd7614a0
- SHA256
  
  d19911c013cb25f7515ef69ca218896f97967dc3579ad9149527e1d936a5081a
- SHA512
  
  20bf1467b8c68f23df05408d73a88cb0dd680e77c7d959d6948a17fa55d5318259156be10a32a80964f091b82d70335195484ab6313803c3a987c69f0f7d6e28
- SSDEEP
  
  12288:xGkzy1XSZNIHctjdcg7fUoPFByvcnE8s1sB:cNS6ctjdcg7fUoPFByvcnN3
Score

1^/10
behavioral30
- Target
  
  plpscripts_freeV2/plpscripts free ai aimbot/start.bat
- Size
  
  40B
- MD5
  
  1e7695df315480d6bcd57e8971d8d881
- SHA1
  
  f4f5f764f237b49d698ca1fd5ab0c32157c7e511
- SHA256
  
  ee6e664af57a744c3d5587adc2cc1493262fe8f0b90bc8bfc0951461e99139fd
- SHA512
  
  0454dc00587ca2dd1ec9b74643c6707f11337b2f1a0cec9f094ba0dc9ceba0a310635341abaf069e1c3850dde925d6dc0c98c5990f765654dccdb8e94df49f26
Score

1^/10
behavioral31
- Target
  
  plpscripts_freeV2/requirements.txt
- Size
  
  395B
- MD5
  
  3058244d8d10c23492415310cf485ec3
- SHA1
  
  0afebab685deec80d088557bd5985298e33ec8a9
- SHA256
  
  7ca239ab576a865979b1cc267173e9830ee3a92e1f2239c05f2fe4b47e6f0208
- SHA512
  
  ed7a8eb72a2cc770148356af85158a46df731e2003d1b77c758ab7f8da085acb197a26f63f425d4d0ff3d6f3b1384fa0cfa8a634b5e1a1b0e2e73f9b2d822546
Score

3^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32