Resubmissions

  • 03/07/2024, 15:38 UTC

    240703-s26rnswhnh (score 10)

  • 03/07/2024, 15:33 UTC

    240703-szn4vawfle (score 10)

General

  • Target

    240703-qx6vrsyhng_pw_infected.zip

  • Size

    80.4MB

  • Sample

    240703-s26rnswhnh

  • MD5

    33e8cd92a4aef73aeb714ae22cab26f0

  • SHA1

    32c92e565512ecaa7821b6e54776090ad131404c

  • SHA256

    cc87aab59cd2f26c132a5534bee45ce1a7c63d37da884ca1cbc9a8544710d317

  • SHA512

    f3c1d88d0427012535cf5ae776013e542f86cd2f39033904bc6ee8a9e749279b1ed6d5829e7994d4e280f574ccd2462caeb1707f68604e367e58d6f9a79dabe0

  • SSDEEP

    1572864:Y0vejhmEpP6sJnZlruKmwypqS8iPnHQQy1VemMjfbvpqyC8ZLUvCxb:Y0GjhZn/qKmD8F1SfbBHC8ZLTp

Malware Config

Targets

    • Target

      source_prepared.exe

    • Size

      80.7MB

    • MD5

      151d7708e147957fb7d0fb4dd9cadd6f

    • SHA1

      60b73ba56f2b502aebd183806c64e40081db4dc0

    • SHA256

      b11384a3db715c4ed6c9dda48c0a07543f1eddc98031d6329b41269564545e91

    • SHA512

      e7c20767ec74791bf6c3edec77c89404e9e72601f74104c7509d0ffdde4bcc446ab654e6278baf3ea89538ce92d5fab6327b4f743d5d88477cf0c5d0a4d63d3e

    • SSDEEP

      1572864:EvxZQglKSk8IpG7V+VPhqYdfCE70lgLiYgj+h58sMwFWuWDxNwJk:EvxZxwSkB05awcfAeF55HM3

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar file listings.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Target

      discord_token_grabber.pyc

    • Size

      17KB

    • MD5

      e523026b612006e580e96bd9e2a8882c

    • SHA1

      03b9938701f7eff11a0c3632ed805e8188598c88

    • SHA256

      8ae6baddc552f9a47c488760a3d3b04f217f7c999dbffc1a548bb09532e6bf77

    • SHA512

      a0f15f5edecbab4894aa3b85092fc2bde34b76f6048b198ce387d59a56d6c74969201cc43d19cd27a9ff0a6ab72268884a90ef206f0be34a5707a7f6ea24a853

    • SSDEEP

      384:cGllyAavwS9F0RW807PPQviowoYbCj+Mo8WWIc02a8:cIlytvX9iRW8inQ6owoYOyM0d2a8

    Score
    3/10
    • Target

      get_cookies.pyc

    • Size

      10KB

    • MD5

      b38f506528b3d6d5dbd851426c347b95

    • SHA1

      e91bf4ef42128267934e21be0176e552480f5977

    • SHA256

      85a7c34afad2c270ca690a5b4c30cc8bf16967e623fc77f4de4497901030a93b

    • SHA512

      ab110dc92eba564fd0ec6c6a75e779f588518dc1aa461f072ab02b96bc11fbe25e09faa6a556dc6a127c3e8826382697b72037a0cefbdaf32fd70a723e746295

    • SSDEEP

      192:TzOCIeinQfUF9LdwOEVOFc1mNe47+o+zEzzzzz1zz+HoowAE:TzOUiQccEe4KoOIAE

    Score
    3/10
    • Target

      misc.pyc

    • Size

      5KB

    • MD5

      31aa260c6cdeaa9d942cd0dcfcadd16a

    • SHA1

      a6818f3acf5c2ab9d65b41a81cb92b36b85cc932

    • SHA256

      b522284f1a7e518c269c0414160407ec7834a4397f85ef389433b49367b5df9c

    • SHA512

      0dd277ef948315a3554bd8c5110e27afa9b2eac88defc1211771c050cdd27b3668484dec35ec5c5010bff00b62c2cebd9e7286c0b114ad28437719b42bd0fc2c

    • SSDEEP

      96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0nIAEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0nIAZeQ

    Score
    3/10
    • Target

      passwords_grabber.pyc

    • Size

      8KB

    • MD5

      704dced7f7530b19a34a5f7a71c26b10

    • SHA1

      608d9647488cfa2b5f84a891028168a973bfcfa9

    • SHA256

      1fd284f1e27263bd2a16050c6989933a382c7d196f4c9f247187cc3b3f6ba3ac

    • SHA512

      e4a6710abef2c45d631745c91d8135873be06e5b240a61362e341d05ecc1dedf885487a554b648c328a3c5cc17fcf74e6d066b2e3f51379358ba28c2a0f2f39f

    • SSDEEP

      192:+CE34EAL/GFf/PomdPO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfRBO8NsxuOxNn

    Score
    3/10
    • Target

      source_prepared.pyc

    • Size

      180KB

    • MD5

      683c7a6c055cd2771939f0032d9027ce

    • SHA1

      b45f5e5a2721c9412644dfbc691b1ef35ae8f932

    • SHA256

      ea02450c807f6cc15598184aae7067db51ceeec8ae8e24642228dd939c234ec2

    • SHA512

      2f10fd0f2cbe1bc39fb2b8e6e5439a79c227ae9e947168a1edc89ea4c61ca12f28e828b7bb0bcdaa32d7d8ea8774b9163efae773ecb8217f8d50f80631fc7ecf

    • SSDEEP

      3072:TwLagBA9oq8oolPEtelZN+thZaqPKg6NzZCknJ:MWgEEool8cN+rZaqPKg6NVCA

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks
