growtopia | 54a665f2962307c1cdb9f865b60da2d5d5940654c7824818c1c6e76168a6cc9b | Triage

Sharing

General

Target

63aa17ae4f307834a491fe583dd40ad2_JaffaCakes118
Size

377KB
Sample

240521-r4ewashf3v
MD5

63aa17ae4f307834a491fe583dd40ad2
SHA1

a491ecee060976a3f92d1f78c01eae395458f8e7
SHA256

54a665f2962307c1cdb9f865b60da2d5d5940654c7824818c1c6e76168a6cc9b
SHA512

d451c2ea0382641e6b554105df5ac2f6866f017ef0097ddffa2e95787cb199bb0f69aeaa892e99acaf3fdb2b7177c65d27b25d38a7d29c292d799b0fa93f8e59
SSDEEP

3072:hO7HQolIrINJ8QV6Zx8oIRHkgIOus0yLhRUu8CntXN7FJL2ziDmybJF:hO7PvDVgxxINhIOuqLxr2ziSQ

Score

10^/10

growtopia stealer

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
Maolenerkki2

Targets

- Target
  
  63aa17ae4f307834a491fe583dd40ad2_JaffaCakes118
- Size
  
  377KB
- MD5
  
  63aa17ae4f307834a491fe583dd40ad2
- SHA1
  
  a491ecee060976a3f92d1f78c01eae395458f8e7
- SHA256
  
  54a665f2962307c1cdb9f865b60da2d5d5940654c7824818c1c6e76168a6cc9b
- SHA512
  
  d451c2ea0382641e6b554105df5ac2f6866f017ef0097ddffa2e95787cb199bb0f69aeaa892e99acaf3fdb2b7177c65d27b25d38a7d29c292d799b0fa93f8e59
- SSDEEP
  
  3072:hO7HQolIrINJ8QV6Zx8oIRHkgIOus0yLhRUu8CntXN7FJL2ziDmybJF:hO7PvDVgxxINhIOuqLxr2ziSQ
Score

10^/10

growtopia stealer
- Growtopia
  Growtopa is an opensource modular stealer written in C#.
  stealer growtopia
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

growtopiastealer

behavioral2

growtopiastealer