General

  • Target

    Soul_stealer-main.zip

  • Size

    6.7MB

  • Sample

    240625-kp2ceszbqe

  • MD5

    1a952d2ee32c3c81a154946c70f66fa8

  • SHA1

    175203103856deec4ce8cc20feeb322ec6b41a86

  • SHA256

    d49d6f48c8f34584d09ea6ece0a9bf2196a40f090aa6a195f95bc720cecde3f5

  • SHA512

    19844c6cf98cb9ae7d5702c816dfb3662a09f0f45bfeb529e73e6ee6938a35a41efe5513b93e5857913d032e8200df323f2f348d89398b159e52ddc92a7c46e7

  • SSDEEP

    98304:KNiDPHBiP2wQmHZ/7aw8ZyYtPhrgJDh9HrAXlF4BTmYIR2wAupWOYWMwJpfyHvrQ:KSH0PPaHhXramlFSSYIkwAuplYWMw/6s

Malware Config

Targets

    • Target

      Soul_stealer-main.zip

    • Size

      6.7MB

    • MD5

      1a952d2ee32c3c81a154946c70f66fa8

    • SHA1

      175203103856deec4ce8cc20feeb322ec6b41a86

    • SHA256

      d49d6f48c8f34584d09ea6ece0a9bf2196a40f090aa6a195f95bc720cecde3f5

    • SHA512

      19844c6cf98cb9ae7d5702c816dfb3662a09f0f45bfeb529e73e6ee6938a35a41efe5513b93e5857913d032e8200df323f2f348d89398b159e52ddc92a7c46e7

    • SSDEEP

      98304:KNiDPHBiP2wQmHZ/7aw8ZyYtPhrgJDh9HrAXlF4BTmYIR2wAupWOYWMwJpfyHvrQ:KSH0PPaHhXramlFSSYIkwAuplYWMw/6s

    Score
    1/10
    • Target

      Soul_stealer-main/README.md

    • Size

      2KB

    • MD5

      bdeb0a5e25a989d7ff34794a85c9e101

    • SHA1

      d9c6dc957a0ddb3df601082c6028898ecd92b1c9

    • SHA256

      3aa78b41af15f67248d637414832c6072c1c96c979c0f0e64d8da4965506d9a5

    • SHA512

      b19023ebcbbd7c047695bfeec33b839bf0ff13b0e2c107203cade037e3a6b784abe1afb51da96f53a9c6231a6f12a095cb88e14fbe0de59e62ff2cf04760d289

    Score
    3/10
    • Target

      Soul_stealer-main/Soul Stealer/Builder.bat

    • Size

      6.0MB

    • MD5

      434463370c5cb11945ee549010d826cc

    • SHA1

      3547091ad51a2eab11159739820635178f6abf6e

    • SHA256

      c60001134d37460ca2a17e4853c74069aa8c4d8850eb62bf1f1981f8675ccb5e

    • SHA512

      6c6aaf079ac0de0e17baa2fa5462a9ddf2f95330872bc406d699fdf55700824a4c40157d1bc48d7ac5eb482581ac02b9469c12b14e24d76b4895b95d797cb270

    • SSDEEP

      98304:ENeEtdFBC/amaHl3Ne4i3gmtfXJOLhx9fZAzDJ4wzQgsRuGK4R0OuAKM5Bfm:EN9FIieN/FJMIDJf0gsAGK4RXuAKM3m

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Hide Artifacts: Hidden Files and Directories

    • Target

      �`*0X}~.pyc

    • Size

      857B

    • MD5

      738eb894a5aa02b6521e68bb0165e2a3

    • SHA1

      4b0426e65bfdbf6fe1efb90696ca05ade0ca3f1a

    • SHA256

      3c4a4c308f8abc0becdf0219c914576d1c6575f5facf07da8ba6f341a3cff2fc

    • SHA512

      5804a40eb3d9bfc1d236cd3aff6d2497c6d073d573d736eb7990c7f394b72ef9c1b91ae02841c5a9983021fa40ebf6b1c3c618d1496fdb210dd88e7d353454f6

    Score
    1/10
    • Target

      Soul_stealer-main/Soul Stealer/Components/BlankOBF.py

    • Size

      5KB

    • MD5

      b3d2f59792b99d98107717d6b7100cf3

    • SHA1

      5cf1f176236fb12fd665301a64be7d883ca125c8

    • SHA256

      73bd45bbbf96aa84a2abf5eef93513126bd3adbbbb5ebd5272776643d99c1fb8

    • SHA512

      1791b325ea86c56d35ff9c9216685dd7b3d0b0d01538de5cb6310cb64750daadbeccddbe51fc985bb22a8d8e67ab1a180708e7b97441e0daa2c0b1c14e918ed8

    • SSDEEP

      96:Fr54cd62hK9FFZ48PuCQYBX5oQL6oUMOQcL:FP6Us4B8JoQLBsQcL

    Score
    3/10
    • Target

      Soul_stealer-main/Soul Stealer/Components/cert

    • Size

      9KB

    • MD5

      b769e370f66299bca7f86932bc24925f

    • SHA1

      b4d882856a109412ed64c2449f51eab4697c844f

    • SHA256

      090b03e1ff82d53fb90c3776be756465d6bc4dc04b164348eeab703a72bb2243

    • SHA512

      a8e6b45c9623739b170aff0ae9109ceaa02ae1f1cd2a5f2ceca78c9b3446de010cea66afe2128795f441c91105fba5eaf4ba91991847f3874564d020a087ddeb

    • SSDEEP

      192:QpPIKfhig1R7JNfVZCg2tDKZpZfH0JOqsmVgz28WhBqA/v:QpwK3PVZAD28JN77hhd3

    Score
    1/10
    • Target

      Soul_stealer-main/Soul Stealer/Components/config.json

    • Size

      976B

    • MD5

      17c98daace9d0baf81f6b9856c719c36

    • SHA1

      8797f3c08ee01ebd3156d273a751a32cd8149afb

    • SHA256

      28eb749c0057fa28835c64032e1bee33f42494168dc4d21f93383020eccc5a82

    • SHA512

      17dd9ec30682b7dbed78de8fc09e9be578ccf39d2613e8752eb82a7bf2af3b3600c94ea89114eb94473b009628ed138ecaee2ad053119e4c493492d2321290c9

    Score
    3/10
    • Target

      Soul_stealer-main/Soul Stealer/Components/loader.py

    • Size

      634B

    • MD5

      ca35548638710a32f6d4bc1a61a103c5

    • SHA1

      2703967c4376cc2e0ca20191eff97b85989d8310

    • SHA256

      e7dbfe873c719006f28e6526ef54215d7b7598bce5566734c552dab9f1f487e6

    • SHA512

      d1c0839326662b240dfa4bcea7284d261be46e9bb8b03f073e0328e361321f9cdfa740abd4541b2cdc21c806bcd901d3bc3cc36b9f7e0ee6191d189df0533061

    Score
    3/10
    • Target

      Soul_stealer-main/Soul Stealer/Components/postprocess.py

    • Size

      2KB

    • MD5

      bbed9f3d87c4927b2b2bc16a6ec4da51

    • SHA1

      c3bceb8a6fb5207abc75039e5a66afbf8324cd8f

    • SHA256

      72eefc2defd861c48721f235717a0f8de430ea8f2bc290b429cfbdc906ba539c

    • SHA512

      352cd87d379e0a338d44f3933b6b135a36ebe83607157dfe28330ec2c03c6b2bcbbb2d43b1a06487675eea662c76084b3f9777f5b8d0c9132d50869318fc3c78

    Score
    3/10
    • Target

      Soul_stealer-main/Soul Stealer/Components/process.py

    • Size

      8KB

    • MD5

      bd188d54f63b150b4ed6fad9adb37666

    • SHA1

      f9c8d9abb5d32cbe1b7af8c2cf972dc311010919

    • SHA256

      d4ee3542fbc2453c07b8fa9b2a36d49c46cf892dc1163ee345c6a8ef55921f0c

    • SHA512

      991c7488806f9c5eeb342eedd769c8ad6a13b6a3cff36c76ebea3d721b75925f95add0b3dd36c596b50c8026c89ef3bdd4f268aceb859e19fc461c39d84b1119

    • SSDEEP

      192:Etw1auOoI8I+IQI2Iz2Iym+IyIQICI0IiIgIcI6ISI+ISIKG2I0U0F+05dkIMN0E:m4iE9pV3522EQTq1o4mG

    Score
    3/10
    • Target

      Soul_stealer-main/Soul Stealer/Components/rar.exe

    • Size

      615KB

    • MD5

      9c223575ae5b9544bc3d69ac6364f75e

    • SHA1

      8a1cb5ee02c742e937febc57609ac312247ba386

    • SHA256

      90341ac8dcc9ec5f9efe89945a381eb701fe15c3196f594d9d9f0f67b4fc2213

    • SHA512

      57663e2c07b56024aaae07515ee3a56b2f5068ebb2f2dc42be95d1224376c2458da21c965aab6ae54de780cb874c2fc9de83d9089abf4536de0f50faca582d09

    • SSDEEP

      12288:3lPCcFDlj+gV4zOifKlOWVNcjfQww0S5JPgdbBC9qxbYG9Y:3lPCcvj+YYrfSOWVNcj1JS5JPgdbBCZd

    Score
    3/10
    • Target

      Soul_stealer-main/Soul Stealer/Components/rarreg.key

    • Size

      456B

    • MD5

      4531984cad7dacf24c086830068c4abe

    • SHA1

      fa7c8c46677af01a83cf652ef30ba39b2aae14c3

    • SHA256

      58209c8ab4191e834ffe2ecd003fd7a830d3650f0fd1355a74eb8a47c61d4211

    • SHA512

      00056f471945d838ef2ce56d51c32967879fe54fcbf93a237ed85a98e27c5c8d2a39bc815b41c15caace2071edd0239d775a31d1794dc4dba49e7ecff1555122

    Score
    3/10
    • Target

      Soul_stealer-main/Soul Stealer/Components/requirements.txt

    • Size

      40B

    • MD5

      0717875d7e142fac144ac1e71d4ac6a0

    • SHA1

      a2b84254a7234831d5b50b5542d7c0e440b654af

    • SHA256

      c835fa03bbf8b1fea4dfea6001146028562a6716f42e3a8aa33e5a22d130350d

    • SHA512

      6c976e3f4a047895173b4165ca88449536abcc6b95e4889b528290420340500e8f4d1f0cee38ec65ec1e2a8d93e8fdbe88981c077b5357c6bd0e91da8b3c1677

    Score
    1/10
    • Target

      Soul_stealer-main/Soul Stealer/Components/run.bat

    • Size

      1KB

    • MD5

      5beaf38a2e57c2813f6b19b3fb08aca3

    • SHA1

      424b0ae28d3ea1e067e8c29d45f1f84040eaa7ec

    • SHA256

      ceade703cb46e78226dc0331ea37f3ed9f681b5969b56ddd15ca5a39e8c067d3

    • SHA512

      7265b1a73f2d4841b62aec2f1eeb14114051f5b09fa47049ebb0a39ae220bdf35e747c98467aa56be8fc90aa7102888ce215edc88a52212b26ee915fdbe2d486

    Score
    1/10
    • Target

      Soul_stealer-main/Soul Stealer/Components/sigthief.py

    • Size

      10KB

    • MD5

      57156b83bcfa0c8cbc0fc36aa02a1617

    • SHA1

      a6aaf0f1e05924e6c6a27918f406c620cacf7a01

    • SHA256

      caf899aedb2b0fe154de2223d86604380d2cf4a47406f881cca680c8a4b063bf

    • SHA512

      63b8944298cdc7323ee7b193efa75018a759d10c6933d430ad62779231b9daca6b2dfd0fcac8e69b5846474b83c1deae5b82606d88c26bebad5bb31d50ff883e

    • SSDEEP

      192:J/j5U9+6E0yWYSF/DwI6CRH2dCYwqSfU15dkAJH:J6yMSfUU1l

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

upxblankgrabber
Score
10/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

upx
Score
7/10

behavioral6

defense_evasionexecutionupx
Score
8/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10