| Entry | Platform | Score |
|---|---|---|
| Overview | overview | 9 |
| Static | static | 7 |
| gasai_self...2).rar | windows7-x64 | 3 |
| gasai_self...2).rar | windows10-2004-x64 | 3 |
| extraced_c...ry.txt | windows7-x64 | 1 |
| extraced_c...ry.txt | windows10-2004-x64 | 1 |
| gasai_crac...ai.exe | windows7-x64 | 7 |
| gasai_crac...ai.exe | windows10-2004-x64 | 7 |
| Gasai.pyc | windows7-x64 | 3 |
| Gasai.pyc | windows10-2004-x64 | 3 |
| gasai_crac...g.json | windows7-x64 | 3 |
| gasai_crac...g.json | windows10-2004-x64 | 3 |
| gasai_crac...ck.dll | windows7-x64 | 9 |
| gasai_crac...ck.dll | windows10-2004-x64 | 9 |
| gasai_crac...t.json | windows7-x64 | 3 |
| gasai_crac...t.json | windows10-2004-x64 | 3 |
| gasai_crac...er.exe | windows7-x64 | 7 |
| gasai_crac...er.exe | windows10-2004-x64 | 9 |
| gasai_crac...e.mmdb | windows7-x64 | 3 |
| gasai_crac...e.mmdb | windows10-2004-x64 | 3 |
| gasai_crac...ot.png | windows7-x64 | 3 |
| gasai_crac...ot.png | windows10-2004-x64 | 3 |
| gasai_crac...mg.jpg | windows7-x64 | 3 |
| gasai_crac...mg.jpg | windows10-2004-x64 | 3 |
| gasai_crac...s.json | windows7-x64 | 3 |
| gasai_crac...s.json | windows10-2004-x64 | 3 |
| gasai_crac...s.json | windows7-x64 | 3 |
| gasai_crac...s.json | windows10-2004-x64 | 3 |
| gasai_crac...no.ico | windows7-x64 | 3 |
| gasai_crac...no.ico | windows10-2004-x64 | 3 |
| gasai_crac...s.json | windows7-x64 | 3 |
| gasai_crac...s.json | windows10-2004-x64 | 3 |
| gasai_crac...s.json | windows7-x64 | 3 |
| gasai_crac...s.json | windows10-2004-x64 | 3 |

General
-
Target
gasai_selfbot_cracked (2).rar
-
Size
133.0MB
-
Sample
240530-vy7wnseg9w
-
MD5
0dab82c0a992d65ac334fc01a3034415
-
SHA1
6072bcae488a681175405055ffa003e2756bfb99
-
SHA256
829d348eb2637386211bfe31b9ce1cca1c545e3a18a60bf20513a969fe97596b
-
SHA512
09c1557203fa5e62bfe8755b2af608d6f6fd1fd3aa34041b78a53c8be58663926cf7b7bef037dde53ab99970f7cc38e8981aafcc3a4a9c78e977ed7737710ab2
-
SSDEEP
3145728:1OtbcqKEKvkqWz6UjnLI/+aAo/3m1zZQGEkLq6N3FJ0x1E0rV:1H0Kvk2KLRxo+nLN3FJ0x1Ew
Behavioral tasks

| Behavioral task | Sample | Resource |
|---|---|---|
| behavioral1 | gasai_selfbot_cracked (2).rar | win7-20240221-en |
| behavioral2 | gasai_selfbot_cracked (2).rar | win10v2004-20240426-en |
| behavioral3 | extraced_code_memory.txt | win7-20231129-en |
| behavioral4 | extraced_code_memory.txt | win10v2004-20240508-en |
| behavioral5 | gasai_cracked/Gasai.exe | win7-20240220-en |
| behavioral6 | gasai_cracked/Gasai.exe | win10v2004-20240426-en |
| behavioral7 | Gasai.pyc | win7-20231129-en |
| behavioral8 | Gasai.pyc | win10v2004-20240426-en |
| behavioral9 | gasai_cracked/config.json | win7-20240221-en |
| behavioral10 | gasai_cracked/config.json | win10v2004-20240508-en |
| behavioral11 | gasai_cracked/crack.dll | win7-20240221-en |
| behavioral12 | gasai_cracked/crack.dll | win10v2004-20240508-en |
| behavioral13 | gasai_cracked/device_whitelist.json | win7-20240508-en |
| behavioral14 | gasai_cracked/device_whitelist.json | win10v2004-20240508-en |
| behavioral15 | gasai_cracked/launcher.exe | win7-20240508-en |
| behavioral16 | gasai_cracked/launcher.exe | win10v2004-20240508-en |
| behavioral17 | gasai_cracked/misc/Geolilte.mmdb | win7-20240221-en |
| behavioral18 | gasai_cracked/misc/Geolilte.mmdb | win10v2004-20240426-en |
| behavioral19 | gasai_cracked/misc/gasaiselfbot.png | win7-20240419-en |
| behavioral20 | gasai_cracked/misc/gasaiselfbot.png | win10v2004-20240426-en |
| behavioral21 | gasai_cracked/misc/img.jpg | win7-20240215-en |
| behavioral22 | gasai_cracked/misc/img.jpg | win10v2004-20240508-en |
| behavioral23 | gasai_cracked/misc/spoofed_profiles.json | win7-20240221-en |
| behavioral24 | gasai_cracked/misc/spoofed_profiles.json | win10v2004-20240426-en |
| behavioral25 | gasai_cracked/misc/tags.json | win7-20240221-en |
| behavioral26 | gasai_cracked/misc/tags.json | win10v2004-20240508-en |
| behavioral27 | gasai_cracked/misc/yuno.ico | win7-20240508-en |
| behavioral28 | gasai_cracked/misc/yuno.ico | win10v2004-20240508-en |
| behavioral29 | gasai_cracked/notifications.json | win7-20240221-en |
| behavioral30 | gasai_cracked/notifications.json | win10v2004-20240508-en |
| behavioral31 | gasai_cracked/overseer/aliases.json | win7-20240215-en |
| behavioral32 | gasai_cracked/overseer/aliases.json | win10v2004-20240426-en |
Malware Config
Targets
-
-
Target
gasai_selfbot_cracked (2).rar
-
Size
133.0MB
-
MD5
0dab82c0a992d65ac334fc01a3034415
-
SHA1
6072bcae488a681175405055ffa003e2756bfb99
-
SHA256
829d348eb2637386211bfe31b9ce1cca1c545e3a18a60bf20513a969fe97596b
-
SHA512
09c1557203fa5e62bfe8755b2af608d6f6fd1fd3aa34041b78a53c8be58663926cf7b7bef037dde53ab99970f7cc38e8981aafcc3a4a9c78e977ed7737710ab2
-
SSDEEP
3145728:1OtbcqKEKvkqWz6UjnLI/+aAo/3m1zZQGEkLq6N3FJ0x1E0rV:1H0Kvk2KLRxo+nLN3FJ0x1Ew
Score 3/10
-
-
Target
extraced_code_memory.txt
-
Size
137KB
-
MD5
12bfefa9e6df5f0a2ebcddfc035c1f79
-
SHA1
7a26677b24631f284f1e71a89fb2bb897b48ec88
-
SHA256
8f918a95006baccce615a52f2c8c3fc093c41dbd8c6b88ab80fdd6e3103de0e3
-
SHA512
b529d2443dcb09a433cb2d6179325803e2814d4eeef8fb570c95a410949301db7e196d6bc1225bc5d8adca1c426e90644646b093c7382ca05ec7c404414ba22f
-
SSDEEP
1536:pQG31xBgVz8MCxGvOzuaJKnjzWu5dpfWvnZkA6Il9tXnRElCz3yl7RYFmBO2+TNY:yZGaEj93TNrYnGeq844KtQT
Score 1/10
-
-
Target
gasai_cracked/Gasai.exe
-
Size
101.8MB
-
MD5
be4c06fafcf75bea728c6fc5c9a8bd8d
-
SHA1
c610f057ed82a128d0360d10160bcefe40e05ad4
-
SHA256
efbce42a1ef148232051b6396f21f308b2fb14e5332dbf0599393187a548abd8
-
SHA512
d126dadb5f67d4d04691d20ae2d22c30b8f39004ff18805d0336109adcbc4d882db4250df484fe404a69c29b4bf8e623414997d79885b8c70395714fa9b7d0c2
-
SSDEEP
3145728:bWpiySwgYRaISeDB1jdvHqpN/SC++VN/SLqrn0/fu/f:bWoySwx2s1jVKSCcqV
Score 7/10
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
Gasai.pyc
-
Size
1.2MB
-
MD5
3342f7d8b8e1fab88c5bf9e9458c79c6
-
SHA1
a7870442e581dd5f646170275067aa1f202233ba
-
SHA256
2d4d9c0c2e4df64e89146b8f55f71089503f169a857f75cd9f358959157352bd
-
SHA512
0b927a0db9af578b56df24b9692299a7d894d904adf1406f0dd3ff6e2c3853c405cba8c5da5cf33f6094d0cdc8e2e81b4789f809659ab0db45f102406be1bd85
-
SSDEEP
24576:mSrh7pGIEckPfMzQX6b8rL7nPb24J+gerw2hPWFyBnQv6w:mINy6QXGCfT2w+R9Vw
Score 3/10
-
-
Target
gasai_cracked/config.json
-
Size
3KB
-
MD5
7e407328838fd5a8134b02d268ff52dc
-
SHA1
ad86daefda42ff6010fc4c5ca165574f7ba31ba8
-
SHA256
ddf21939cc50b2136076c837541b6b13400bb5559423da040a9541799cb96d97
-
SHA512
7dacd4ec0ae4f631dc2d31b1b9efdc609f298b148543ed37733ad7545759a4bf5075b4592f07ac491205ddc3c935146d1ade975c5c0d6672b88511c89d6ef104
Score 3/10
-
-
Target
gasai_cracked/crack.dll
-
Size
2.9MB
-
MD5
e42615c8afc31caeddcc6080933fe10e
-
SHA1
30f545b60fe0eec20f00304c16cfdfd8860513f9
-
SHA256
37d493e23a12be12f02d3663348b1992d31f4a717637324922b1bab082ab7935
-
SHA512
62d0eea5c31cf83e8b6e14a51405161d88ad9b514485b33bf31863c15318b5fb18383eb1812ea13b117254fff245e5d034d4943822367ab25fd84219f6298de4
-
SSDEEP
49152:Vv58YPYu3ui4i8lHWXXh7R+2IeVYP8w4U5nVkHNgQOmC6yxI9BNVEpcBpa6YM:JPPnei4i8lMXh7RQeSkW5VCgEC6W0Bzm
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
-
-
Target
gasai_cracked/device_whitelist.json
-
Size
297B
-
MD5
c54c7ad1ff9e01b3011672bd327d88ca
-
SHA1
d3dda77b36a4ef3251a7578a55cec467151fbde5
-
SHA256
4ea30da453720dbbd5a68562719740787bf6320551f91fd259473fe32cdbb629
-
SHA512
c683eafa93648b66a743e10bb35e5f8985d8968594abf6a32dec5a4e749f3f7346e1da390bed68768e605a69f8304aa302eb203e595846666adedaaedb05cad5
Score 3/10
-
-
Target
gasai_cracked/launcher.exe
-
Size
4.9MB
-
MD5
05bc8e2e0473d2bcb2d959d5ecde2d37
-
SHA1
555f073467bbc064db4049d3ea6be5221d601d72
-
SHA256
1e13949291b38b35ff7ae80f701ca50753e47472c3667470a82a5206ad6d9801
-
SHA512
645297f215c4734acbb8d580f9be220cd42a8a7d9bcf3f08b149cbd1e4f867c06252f44915317052ee66599de7401def0f8477eae40973e680c247bc4293c88e
-
SSDEEP
98304:YKRGpvYMi4MIMPgQesZCWV9yfmYGefQBZaLHNjj5YdRBuwo:YIiv9iqMPzyHGef0SB5Y1
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
gasai_cracked/misc/Geolilte.mmdb
-
Size
59.4MB
-
MD5
254c9b3ba048a2bdd0944397b96fb212
-
SHA1
ad29f9c51fe8c851e36c264cabcd38483481eb62
-
SHA256
f163a2f9e374b0562d118d7765f0545aedf28591420197bbbf1354a183b78da8
-
SHA512
45b0313ed786a90997a39e6d172e9234630ae9acd55663d14eb7c4c123d1f58885124a667bbd02dd023aac7ed34d3ec0c719689dc7b28bbeca4f68fafff6561d
-
SSDEEP
786432:fggNlnQjvEhnHxoRENfQplsxdQ68/px5KvN/:qvExR/pQ/IdQ6cn4
Score 3/10
-
-
Target
gasai_cracked/misc/gasaiselfbot.png
-
Size
84KB
-
MD5
88339b86ee22b37beaa7f77c48f50148
-
SHA1
95d3f67398e82e63096278bd897b8c03780eff8a
-
SHA256
6890da40de615c3b0cec429a24bff9f155021eacfbe0f27568f4542612a0aced
-
SHA512
8ef26f55ba9464b3b4278a9d539e186ab452e9f528b22a8801cf96d620c47b3debd4157552b6776e0457cbbe19a39732d676e9a2a648a55098e604fe98e0d18a
-
SSDEEP
1536:j333333333333338333333333Q/MZ1ANfqBdCSkwIthdEzQE0nb6zES5ra39fwGc:V/smcCljeQN3vqbR
Score 3/10
-
-
Target
gasai_cracked/misc/img.jpg
-
Size
34KB
-
MD5
9bb352a6ddb0b626cf75476753d3d3e7
-
SHA1
9d8b9e3b2d271c439de996abeaa969670958e11d
-
SHA256
aed845da1d8e644283158e161521e697032d852fc4fdee0a34d596319eb87a7d
-
SHA512
c3941116e4df960421d5d1b4e19bee03cfb8ac1c859baaa8170aee4a90cb60e168d1ddc381413ebeea0f85f1b3933800a7e4be78c96621817aa20ae37e196758
-
SSDEEP
768:eFqRPdLn1Q/udXdettGCIG275RymVcLRxu:cqRxnq/uXIttGG29RLVcLa
Score 3/10
-
-
Target
gasai_cracked/misc/spoofed_profiles.json
-
Size
6B
-
MD5
81c4b355911c21cac4599b0908838c4b
-
SHA1
dc9f0133b9773cf81564cfab510bfc53584d2e4f
-
SHA256
b423bb45501e0fa49d3b77e635f800a29f1fdcf5a58e00c7e04a7ff7833045f2
-
SHA512
fd7631c3f8ca04ab8baff3e43fb7d054e5c159ca841bf2cc2efbbc47732672313d0fb7ebf82f48b4e12e3b6624f6fe7b5805afb20c57ccaa4ae835145c9e4714
Score 3/10
-
-
Target
gasai_cracked/misc/tags.json
-
Size
2B
-
MD5
99914b932bd37a50b983c5e7c90ae93b
-
SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
-
SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
-
SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
Score 3/10
-
-
Target
gasai_cracked/misc/yuno.ico
-
Size
264KB
-
MD5
e33046748c14f65aaa92dfa101311d02
-
SHA1
cbafcd2eab15fccb39dbb717fd08f8eb87b06443
-
SHA256
43af2e901593a4bc218cf56b8d0e23a8e2f63195987824874cf180369bf50de6
-
SHA512
279b14f881a6b120471f47b58e04c351e5c1313e4fb9515a156f6ff89d6ca7cdf5e1d66a3fe1ec7da4398f19ac7242bf431f8e15e7934fee30b1a12c11bbc235
-
SSDEEP
6144:FHOdOf2+cHqwh/rLyaBfhZ+mkM2tWJcr3CCpkjfTyNZQCbH:0dqD2TyNZt
Score 3/10
-
-
Target
gasai_cracked/notifications.json
-
Size
452B
-
MD5
c0293d6d34c901fd94233598a49a6e88
-
SHA1
93e0f3bc1e5b02910369c513563f584a0cf75417
-
SHA256
27dbb979baa1c94b09c276e454405d43e3b8a5427a740d991b29e3bc50800176
-
SHA512
c60ec6c44c1932e6978cf64e17769cc9e553a1600ed0ec40c89eed9f0db60902bde17af0995e632e9ca8620b6d9e3b2f308aa9cb8ac5136aee3cf78f136b1d35
Score 3/10
-
-
Target
gasai_cracked/overseer/aliases.json
-
Size
6B
-
MD5
16450068a58d20d2057e0ecfcefc55dd
-
SHA1
11ae40f7cd1a922c6e3f529b803e43bd74bcf676
-
SHA256
c6f8281620c2b87cf6a94f523311eae977e420ef9a6cda8667f61be906ceca90
-
SHA512
49b12b23511a09a05c97c2afbd415340fe78909f86ab33e481be512262f225be49e5473fb6bd2b904e0e46958f9f28351c933f8aaab51b319ae143287b3c7a9d
Score 3/10