Overview
overview
10Static
static
10Robux Hacker.exe
windows7-x64
7Robux Hacker.exe
windows10-2004-x64
9discord_to...er.pyc
windows7-x64
3discord_to...er.pyc
windows10-2004-x64
3get_cookies.pyc
windows7-x64
3get_cookies.pyc
windows10-2004-x64
3misc.pyc
windows7-x64
3misc.pyc
windows10-2004-x64
3passwords_grabber.pyc
windows7-x64
3passwords_grabber.pyc
windows10-2004-x64
3source_prepared.pyc
windows7-x64
3source_prepared.pyc
windows10-2004-x64
3Analysis
-
max time kernel
121s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
25-05-2024 16:09
Behavioral task
behavioral1
Sample
Robux Hacker.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Robux Hacker.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
discord_token_grabber.pyc
Resource
win7-20240215-en
Behavioral task
behavioral4
Sample
discord_token_grabber.pyc
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
get_cookies.pyc
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
get_cookies.pyc
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
misc.pyc
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
misc.pyc
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
passwords_grabber.pyc
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
passwords_grabber.pyc
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
source_prepared.pyc
Resource
win7-20240419-en
Behavioral task
behavioral12
Sample
source_prepared.pyc
Resource
win10v2004-20240508-en
General
-
Target
Robux Hacker.exe
-
Size
80.1MB
-
MD5
14876666726ce716b152749698065aac
-
SHA1
f024f37bef3cc8ddb49a181003fef0ca0715f589
-
SHA256
e6d322c93c410af0529d346d4cea10fcc0d4871fc03f71d2362773576c3daa37
-
SHA512
54e577f2f7119ba95487ad99aed157f50c4e5b232f41d9aa0ff5b71994e1f12c0721539cf734909d4d73075eb1f881991f7e45187b89759438f150432bf9f152
-
SSDEEP
1572864:9vNBYQ3j0C3Sk8IpG7V+VPhqcPE70jCDPRQvljSvOul/JGZGHkVZWR9/HtsBqA:9vNBY+NSkB05awcVuD2wOuNzSo9/Mq
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
Robux Hacker.exepid process 2352 Robux Hacker.exe -
Processes:
resource yara_rule C:\Users\Admin\AppData\Local\Temp\_MEI30162\python311.dll upx -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
Robux Hacker.exedescription pid process target process PID 3016 wrote to memory of 2352 3016 Robux Hacker.exe Robux Hacker.exe PID 3016 wrote to memory of 2352 3016 Robux Hacker.exe Robux Hacker.exe PID 3016 wrote to memory of 2352 3016 Robux Hacker.exe Robux Hacker.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Robux Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Robux Hacker.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Robux Hacker.exe"C:\Users\Admin\AppData\Local\Temp\Robux Hacker.exe"2⤵
- Loads dropped DLL
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\_MEI30162\python311.dllFilesize
1.6MB
MD5546cc5fe76abc35fdbf92f682124e23d
SHA15c1030752d32aa067b49125194befee7b3ee985a
SHA25643bff2416ddd123dfb15d23dc3e99585646e8df95633333c56d85545029d1e76
SHA512cb75334f2f36812f3a5efd500b2ad97c21033a7a7054220e58550e95c3408db122997fee70a319aef8db6189781a9f2c00a9c19713a89356038b87b036456720
-
memory/2352-1263-0x000007FEF5AF0000-0x000007FEF60D9000-memory.dmpFilesize
5.9MB