Analysis Overview
SHA256
658f91835d7daa63b43d3c618ade30f2444171fdd5c1dbfeefc287b2c5582921
Threat Level: Known bad
The file release.zip was found to be: Known bad.
Malicious Activity Summary
A stealer written in Python and packaged with Pyinstaller
Blankgrabber family
Discordrat family
Unsigned PE
MITRE ATT&CK Matrix
Analysis: static1
Detonation Overview
Reported
2024-06-18 22:35
Signatures
A stealer written in Python and packaged with Pyinstaller
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Blankgrabber family
Discordrat family
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-18 22:35
Reported
2024-06-18 22:36
Platform
win11-20240508-en
Max time kernel
14s
Max time network
19s
Command Line
Signatures
Processes
C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\release.zip
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding