Overview
overview
10Static
static
10Robux Hacker.exe
windows7-x64
7Robux Hacker.exe
windows10-2004-x64
9discord_to...er.pyc
windows7-x64
3discord_to...er.pyc
windows10-2004-x64
3get_cookies.pyc
windows7-x64
3get_cookies.pyc
windows10-2004-x64
3misc.pyc
windows7-x64
3misc.pyc
windows10-2004-x64
3passwords_grabber.pyc
windows7-x64
3passwords_grabber.pyc
windows10-2004-x64
3source_prepared.pyc
windows7-x64
3source_prepared.pyc
windows10-2004-x64
3Analysis
-
max time kernel
135s -
max time network
128s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
25-05-2024 16:09
Behavioral task
behavioral1
Sample
Robux Hacker.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Robux Hacker.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
discord_token_grabber.pyc
Resource
win7-20240215-en
Behavioral task
behavioral4
Sample
discord_token_grabber.pyc
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
get_cookies.pyc
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
get_cookies.pyc
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
misc.pyc
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
misc.pyc
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
passwords_grabber.pyc
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
passwords_grabber.pyc
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
source_prepared.pyc
Resource
win7-20240419-en
Behavioral task
behavioral12
Sample
source_prepared.pyc
Resource
win10v2004-20240508-en
General
-
Target
get_cookies.pyc
-
Size
10KB
-
MD5
b38f506528b3d6d5dbd851426c347b95
-
SHA1
e91bf4ef42128267934e21be0176e552480f5977
-
SHA256
85a7c34afad2c270ca690a5b4c30cc8bf16967e623fc77f4de4497901030a93b
-
SHA512
ab110dc92eba564fd0ec6c6a75e779f588518dc1aa461f072ab02b96bc11fbe25e09faa6a556dc6a127c3e8826382697b72037a0cefbdaf32fd70a723e746295
-
SSDEEP
192:TzOCIeinQfUF9LdwOEVOFc1mNe47+o+zEzzzzz1zz+HoowAE:TzOUiQccEe4KoOIAE
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 2 IoCs
Processes:
cmd.exeOpenWith.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
OpenWith.exepid process 2684 OpenWith.exe
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc1⤵
- Modifies registry class
PID:3788
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2684
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3804,i,1999448010053300448,1112699187621658374,262144 --variations-seed-version --mojo-platform-channel-handle=4000 /prefetch:81⤵PID:3992