Overview

overview

10

Static

static

10

source_prepared.exe

windows7-x64

7

source_prepared.exe

windows10-2004-x64

9

discord_to...er.pyc

windows7-x64

3

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows7-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows7-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows7-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows7-x64

3

source_prepared.pyc

windows10-2004-x64

3

Resubmissions

03-07-2024 15:38

240703-s26rnswhnh 10

03-07-2024 15:33

240703-szn4vawfle 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    240703-qx6vrsyhng_pw_infected.zip

  • Size

    80.4MB

  • Sample

    240703-s26rnswhnh

  • MD5

    33e8cd92a4aef73aeb714ae22cab26f0

  • SHA1

    32c92e565512ecaa7821b6e54776090ad131404c

  • SHA256

    cc87aab59cd2f26c132a5534bee45ce1a7c63d37da884ca1cbc9a8544710d317

  • SHA512

    f3c1d88d0427012535cf5ae776013e542f86cd2f39033904bc6ee8a9e749279b1ed6d5829e7994d4e280f574ccd2462caeb1707f68604e367e58d6f9a79dabe0

  • SSDEEP

    1572864:Y0vejhmEpP6sJnZlruKmwypqS8iPnHQQy1VemMjfbvpqyC8ZLUvCxb:Y0GjhZn/qKmD8F1SfbBHC8ZLTp

Score
10/10
pysilonevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      source_prepared.exe

    • Size

      80.7MB

    • MD5

      151d7708e147957fb7d0fb4dd9cadd6f

    • SHA1

      60b73ba56f2b502aebd183806c64e40081db4dc0

    • SHA256

      b11384a3db715c4ed6c9dda48c0a07543f1eddc98031d6329b41269564545e91

    • SHA512

      e7c20767ec74791bf6c3edec77c89404e9e72601f74104c7509d0ffdde4bcc446ab654e6278baf3ea89538ce92d5fab6327b4f743d5d88477cf0c5d0a4d63d3e

    • SSDEEP

      1572864:EvxZQglKSk8IpG7V+VPhqYdfCE70lgLiYgj+h58sMwFWuWDxNwJk:EvxZxwSkB05awcfAeF55HM3

    Score
    9/10
    upxevasionexecutionpersistence

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      17KB

    • MD5

      e523026b612006e580e96bd9e2a8882c

    • SHA1

      03b9938701f7eff11a0c3632ed805e8188598c88

    • SHA256

      8ae6baddc552f9a47c488760a3d3b04f217f7c999dbffc1a548bb09532e6bf77

    • SHA512

      a0f15f5edecbab4894aa3b85092fc2bde34b76f6048b198ce387d59a56d6c74969201cc43d19cd27a9ff0a6ab72268884a90ef206f0be34a5707a7f6ea24a853

    • SSDEEP

      384:cGllyAavwS9F0RW807PPQviowoYbCj+Mo8WWIc02a8:cIlytvX9iRW8inQ6owoYOyM0d2a8

    Score
    3/10
    behavioral3behavioral4

    • Target

      get_cookies.pyc

    • Size

      10KB

    • MD5

      b38f506528b3d6d5dbd851426c347b95

    • SHA1

      e91bf4ef42128267934e21be0176e552480f5977

    • SHA256

      85a7c34afad2c270ca690a5b4c30cc8bf16967e623fc77f4de4497901030a93b

    • SHA512

      ab110dc92eba564fd0ec6c6a75e779f588518dc1aa461f072ab02b96bc11fbe25e09faa6a556dc6a127c3e8826382697b72037a0cefbdaf32fd70a723e746295

    • SSDEEP

      192:TzOCIeinQfUF9LdwOEVOFc1mNe47+o+zEzzzzz1zz+HoowAE:TzOUiQccEe4KoOIAE

    Score
    3/10
    behavioral5behavioral6

    • Target

      misc.pyc

    • Size

      5KB

    • MD5

      31aa260c6cdeaa9d942cd0dcfcadd16a

    • SHA1

      a6818f3acf5c2ab9d65b41a81cb92b36b85cc932

    • SHA256

      b522284f1a7e518c269c0414160407ec7834a4397f85ef389433b49367b5df9c

    • SHA512

      0dd277ef948315a3554bd8c5110e27afa9b2eac88defc1211771c050cdd27b3668484dec35ec5c5010bff00b62c2cebd9e7286c0b114ad28437719b42bd0fc2c

    • SSDEEP

      96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0nIAEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0nIAZeQ

    Score
    3/10
    behavioral7behavioral8

    • Target

      passwords_grabber.pyc

    • Size

      8KB

    • MD5

      704dced7f7530b19a34a5f7a71c26b10

    • SHA1

      608d9647488cfa2b5f84a891028168a973bfcfa9

    • SHA256

      1fd284f1e27263bd2a16050c6989933a382c7d196f4c9f247187cc3b3f6ba3ac

    • SHA512

      e4a6710abef2c45d631745c91d8135873be06e5b240a61362e341d05ecc1dedf885487a554b648c328a3c5cc17fcf74e6d066b2e3f51379358ba28c2a0f2f39f

    • SSDEEP

      192:+CE34EAL/GFf/PomdPO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfRBO8NsxuOxNn

    Score
    3/10
    behavioral10behavioral9

    • Target

      source_prepared.pyc

    • Size

      180KB

    • MD5

      683c7a6c055cd2771939f0032d9027ce

    • SHA1

      b45f5e5a2721c9412644dfbc691b1ef35ae8f932

    • SHA256

      ea02450c807f6cc15598184aae7067db51ceeec8ae8e24642228dd939c234ec2

    • SHA512

      2f10fd0f2cbe1bc39fb2b8e6e5439a79c227ae9e947168a1edc89ea4c61ca12f28e828b7bb0bcdaa32d7d8ea8774b9163efae773ecb8217f8d50f80631fc7ecf

    • SSDEEP

      3072:TwLagBA9oq8oolPEtelZN+thZaqPKg6NzZCknJ:MWgEEool8cN+rZaqPKg6NVCA

    Score
    3/10
    behavioral11behavioral12

MITRE ATT&CK Enterprise v15

Tasks