Overview

overview

10

Static

static

10

Lowkey_Spoofer.zip

windows10-2004-x64

1

Lowkey/Low...er.exe

windows10-2004-x64

9

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows10-2004-x64

3

Resubmissions

04/07/2024, 00:14 UTC

240704-aja8yatdpj 10

04/07/2024, 00:13 UTC

240704-ahtc5atdmp 10

04/07/2024, 00:12 UTC

240704-ag9cysvgma 10

04/07/2024, 00:05 UTC

240704-adjywstbnr 10

03/07/2024, 23:40 UTC

240703-3n1cvascrn 10

03/07/2024, 23:38 UTC

240703-3mqr1stere 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Lowkey_Spoofer.zip

  • Size

    76.1MB

  • Sample

    240704-aja8yatdpj

  • MD5

    bb6d1b58759c525c8c1b90e264822567

  • SHA1

    0c10c727d374ca503831b9ad0c02009a6e5e90fc

  • SHA256

    2df3a1bea4ba0d40486ec28fa567386959e9e7cb5ac99743ff836826525d978d

  • SHA512

    206f6056fe91d499e2dc362ffdbfa39fa27ce1f99494924755eaaae484de4586fd4325b4cb334293fabe9674e2aa7ad0b78c6e6579a177a87bb8996d5d0cc15a

  • SSDEEP

    1572864:djoa0vjkOGIT03tYThbOg7sSk1r3r+G7YHgY0DEjNED6enYCFPmaPdgFz6n:djx0LkOHY9OicsDSdgZEyYYxMz6n

Score
10/10
pysilonevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      Lowkey_Spoofer.zip

    • Size

      76.1MB

    • MD5

      bb6d1b58759c525c8c1b90e264822567

    • SHA1

      0c10c727d374ca503831b9ad0c02009a6e5e90fc

    • SHA256

      2df3a1bea4ba0d40486ec28fa567386959e9e7cb5ac99743ff836826525d978d

    • SHA512

      206f6056fe91d499e2dc362ffdbfa39fa27ce1f99494924755eaaae484de4586fd4325b4cb334293fabe9674e2aa7ad0b78c6e6579a177a87bb8996d5d0cc15a

    • SSDEEP

      1572864:djoa0vjkOGIT03tYThbOg7sSk1r3r+G7YHgY0DEjNED6enYCFPmaPdgFz6n:djx0LkOHY9OicsDSdgZEyYYxMz6n

    Score
    1/10
    behavioral1

    • Target

      Lowkey/Lowkey/LowkeySpoofer.exe

    • Size

      76.4MB

    • MD5

      78b5e26ec72b1a7316cc974d69a290f6

    • SHA1

      225e444bce01d3d15e58a701e99401881ae81d59

    • SHA256

      b35c62a207c2c7c1f6c1c4734bc83153d5b6f1d89c2d5c5952e8a650be5ba21a

    • SHA512

      3fe8a0b821f3fc9cf91656b8d6d720fd18616a63ae64f3f452bb90455162008501c42185666e8177979189f2163ad3f37ffde4f136763079de0d692f31fbd19b

    • SSDEEP

      1572864:rviEKl7Sk8IpG7V+VPhqYdfME7FFlHFziYweyJulZUdgAdW4sjtusla/Z9U:rvZK5SkB05awcfhdCpukdRQAX9U

    Score
    9/10
    evasionexecutionpersistenceupx

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      15KB

    • MD5

      990bb1210323b8968b180576cf8114d6

    • SHA1

      a4e11d7cdeb37fb32d768085263ff9fd4e51ac0b

    • SHA256

      b4a60b0e4f82707a8c5fb7f3fc0cc78576c7b45217617185ab34a90e2e052208

    • SHA512

      43d1e9db58d160b15d6daf5677f2f63ed8f3fa494a886bf07d229829ffc84af17f9c81f61bdbf23dfa54a1bebafa7e562f805848b64de08bc8cf83fe98a2188a

    • SSDEEP

      384:YGC7RYmnXavkxzG7WltcrhntQ5saa2h12VA:YGCuvk8WltcrttQ5saaCsVA

    Score
    3/10
    behavioral3

    • Target

      get_cookies.pyc

    • Size

      9KB

    • MD5

      9bdb8627dc166823e7d60603575b689a

    • SHA1

      de56b5f8b3e891ad07760544132bd357f1e62368

    • SHA256

      1078edad1660d103c2135793ea9707e4ef7877fb4be7b87c0e538ed84920212c

    • SHA512

      789d21f744eff44456585fd27cd88a67e26b55ed1a043aa76a4b5e63f7dfad99013ca09b15fabecd041f8d35f8d22502c08efd0bb11d26ca083f02a64eae6d3a

    • SSDEEP

      192:kNal3eiNis9QfUFoxJvm79F211G67+PtAhN:kJiB2lrj7jKlAhN

    Score
    3/10
    behavioral4

    • Target

      misc.pyc

    • Size

      4KB

    • MD5

      204ee497021e32209ddde0c015b4dc19

    • SHA1

      6aa2c039e6b6fbfb3620d4fe42d115553702146b

    • SHA256

      a8355eef70645468d11a410d1402e0cab31a194e87172b523b1ff3dea5dbb0c2

    • SHA512

      961b15c0efe0478fdf9287e7b3b709233bcd9524be708f426b75dc91eb07ddfc2a2ce4f347d52a3e7402f5307ab755af093d660662fd3c4c465fd41e8d138d12

    • SSDEEP

      96:ySMlhlv6KPDweHPF8+VB7sHIZGhIW0vmyyZ1k93hub:LolvJ0evq+VBXZGh4vmV1kFhub

    Score
    3/10
    behavioral5

    • Target

      passwords_grabber.pyc

    • Size

      7KB

    • MD5

      bbb6ab7b8230cca0ac46532a612143d0

    • SHA1

      4bf5ebb19c5807cfb4b48191ec65b329d67763cd

    • SHA256

      8655f8885fa28c9633563e0264e65206eae277fb020f85a836be27f0fc3d7ec4

    • SHA512

      21353818de5a2e192bcdb38e0765b675258ae733eb634c1b01fbf53dc22946b0eee127c975be7a63d20a8db2b87521fe0ed85f2ec09dcc2f3adf5a7fea0b180e

    • SSDEEP

      192:h114qWLfhuUIxzOK2cxDJb+XUhetovxEPz:V4qWLfMtzVxDAEW7

    Score
    3/10
    behavioral6

    • Target

      source_prepared.pyc

    • Size

      168KB

    • MD5

      426743ad2ba02e7a8646b4749528ae0f

    • SHA1

      ac1a08da33334c839724e8680e5eade25d7cc717

    • SHA256

      0f9ba44d8db56a7f478e6e70086024420794d417035a2fabadca101f602d441f

    • SHA512

      aa87ef2e76ed8670e9e40ac01a4c385e31b652543af5fdbc1b7b8b5c934e94a2bf13562b3dddfd6e6223125a6650beb6a11441261d9c44e30dca1f8da6b8a6af

    • SSDEEP

      3072:teTH1NaOO/5ESl1RdotPZTJ0pZXScT0o+IvdXzUsTWP:sNaOO/5ESFdoCpUY0oosS

    Score
    3/10
    behavioral7

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.