Overview

overview

10

Static

static

10

Robux Hacker.exe

windows7-x64

7

Robux Hacker.exe

windows10-2004-x64

9

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Robux Hacker.exe

  • Size

    80.1MB

  • Sample

    240525-tlwr7saa8v

  • MD5

    14876666726ce716b152749698065aac

  • SHA1

    f024f37bef3cc8ddb49a181003fef0ca0715f589

  • SHA256

    e6d322c93c410af0529d346d4cea10fcc0d4871fc03f71d2362773576c3daa37

  • SHA512

    54e577f2f7119ba95487ad99aed157f50c4e5b232f41d9aa0ff5b71994e1f12c0721539cf734909d4d73075eb1f881991f7e45187b89759438f150432bf9f152

  • SSDEEP

    1572864:9vNBYQ3j0C3Sk8IpG7V+VPhqcPE70jCDPRQvljSvOul/JGZGHkVZWR9/HtsBqA:9vNBY+NSkB05awcVuD2wOuNzSo9/Mq

Score
10/10
pysilonevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      Robux Hacker.exe

    • Size

      80.1MB

    • MD5

      14876666726ce716b152749698065aac

    • SHA1

      f024f37bef3cc8ddb49a181003fef0ca0715f589

    • SHA256

      e6d322c93c410af0529d346d4cea10fcc0d4871fc03f71d2362773576c3daa37

    • SHA512

      54e577f2f7119ba95487ad99aed157f50c4e5b232f41d9aa0ff5b71994e1f12c0721539cf734909d4d73075eb1f881991f7e45187b89759438f150432bf9f152

    • SSDEEP

      1572864:9vNBYQ3j0C3Sk8IpG7V+VPhqcPE70jCDPRQvljSvOul/JGZGHkVZWR9/HtsBqA:9vNBY+NSkB05awcVuD2wOuNzSo9/Mq

    Score
    9/10
    upxevasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      17KB

    • MD5

      e523026b612006e580e96bd9e2a8882c

    • SHA1

      03b9938701f7eff11a0c3632ed805e8188598c88

    • SHA256

      8ae6baddc552f9a47c488760a3d3b04f217f7c999dbffc1a548bb09532e6bf77

    • SHA512

      a0f15f5edecbab4894aa3b85092fc2bde34b76f6048b198ce387d59a56d6c74969201cc43d19cd27a9ff0a6ab72268884a90ef206f0be34a5707a7f6ea24a853

    • SSDEEP

      384:cGllyAavwS9F0RW807PPQviowoYbCj+Mo8WWIc02a8:cIlytvX9iRW8inQ6owoYOyM0d2a8

    Score
    3/10
    behavioral3behavioral4

    • Target

      get_cookies.pyc

    • Size

      10KB

    • MD5

      b38f506528b3d6d5dbd851426c347b95

    • SHA1

      e91bf4ef42128267934e21be0176e552480f5977

    • SHA256

      85a7c34afad2c270ca690a5b4c30cc8bf16967e623fc77f4de4497901030a93b

    • SHA512

      ab110dc92eba564fd0ec6c6a75e779f588518dc1aa461f072ab02b96bc11fbe25e09faa6a556dc6a127c3e8826382697b72037a0cefbdaf32fd70a723e746295

    • SSDEEP

      192:TzOCIeinQfUF9LdwOEVOFc1mNe47+o+zEzzzzz1zz+HoowAE:TzOUiQccEe4KoOIAE

    Score
    3/10
    behavioral5behavioral6

    • Target

      misc.pyc

    • Size

      5KB

    • MD5

      31aa260c6cdeaa9d942cd0dcfcadd16a

    • SHA1

      a6818f3acf5c2ab9d65b41a81cb92b36b85cc932

    • SHA256

      b522284f1a7e518c269c0414160407ec7834a4397f85ef389433b49367b5df9c

    • SHA512

      0dd277ef948315a3554bd8c5110e27afa9b2eac88defc1211771c050cdd27b3668484dec35ec5c5010bff00b62c2cebd9e7286c0b114ad28437719b42bd0fc2c

    • SSDEEP

      96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0nIAEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0nIAZeQ

    Score
    3/10
    behavioral7behavioral8

    • Target

      passwords_grabber.pyc

    • Size

      8KB

    • MD5

      704dced7f7530b19a34a5f7a71c26b10

    • SHA1

      608d9647488cfa2b5f84a891028168a973bfcfa9

    • SHA256

      1fd284f1e27263bd2a16050c6989933a382c7d196f4c9f247187cc3b3f6ba3ac

    • SHA512

      e4a6710abef2c45d631745c91d8135873be06e5b240a61362e341d05ecc1dedf885487a554b648c328a3c5cc17fcf74e6d066b2e3f51379358ba28c2a0f2f39f

    • SSDEEP

      192:+CE34EAL/GFf/PomdPO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfRBO8NsxuOxNn

    Score
    3/10
    behavioral10behavioral9

    • Target

      source_prepared.pyc

    • Size

      185KB

    • MD5

      ebd8f39955197ae4ace1d06fd42b4c4c

    • SHA1

      9610d8f9a3cf316b2df96a82b9841bd96e8e29e6

    • SHA256

      c0f381fa5e4183912a46d1d892534bf8c39709f660d2c1aaef40fbd793977131

    • SHA512

      29328c3ad864c4a5576bd46b4f927b6c2c664c150666b755081312e3ed527fbc459bb0966b71ea21a177d48695f15dad4bab84cdc26b6c32e5921ee26fb976e6

    • SSDEEP

      3072:ctaLa+/4A9M/2CYolPEtelZN+tVZaftogjHBYCkn0:cEW+/ZuYol8cN+7ZaftogjHKCh

    Score
    3/10
    behavioral11behavioral12

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Modify Registry

1
T1112

Credential Access

Discovery

File and Directory Discovery

1
T1083

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

5
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks