Overview

overview

10

Static

static

10

Lowkey_Spoofer.zip

windows10-2004-x64

1

Lowkey/Low...er.exe

windows10-2004-x64

9

discord_to...er.pyc

windows10-2004-x64

3

get_cookies.pyc

windows10-2004-x64

3

misc.pyc

windows10-2004-x64

3

passwords_grabber.pyc

windows10-2004-x64

3

source_prepared.pyc

windows10-2004-x64

3

Resubmissions

04-07-2024 00:14

240704-aja8yatdpj 10

04-07-2024 00:13

240704-ahtc5atdmp 10

04-07-2024 00:12

240704-ag9cysvgma 10

04-07-2024 00:05

240704-adjywstbnr 10

03-07-2024 23:40

240703-3n1cvascrn 10

03-07-2024 23:38

240703-3mqr1stere 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Lowkey_Spoofer.zip

  • Size

    76.1MB

  • Sample

    240704-aja8yatdpj

  • MD5

    bb6d1b58759c525c8c1b90e264822567

  • SHA1

    0c10c727d374ca503831b9ad0c02009a6e5e90fc

  • SHA256

    2df3a1bea4ba0d40486ec28fa567386959e9e7cb5ac99743ff836826525d978d

  • SHA512

    206f6056fe91d499e2dc362ffdbfa39fa27ce1f99494924755eaaae484de4586fd4325b4cb334293fabe9674e2aa7ad0b78c6e6579a177a87bb8996d5d0cc15a

  • SSDEEP

    1572864:djoa0vjkOGIT03tYThbOg7sSk1r3r+G7YHgY0DEjNED6enYCFPmaPdgFz6n:djx0LkOHY9OicsDSdgZEyYYxMz6n

Score
10/10
pysilonevasionexecutionpersistencepyinstallerupx

Malware Config

Targets

    • Target

      Lowkey_Spoofer.zip

    • Size

      76.1MB

    • MD5

      bb6d1b58759c525c8c1b90e264822567

    • SHA1

      0c10c727d374ca503831b9ad0c02009a6e5e90fc

    • SHA256

      2df3a1bea4ba0d40486ec28fa567386959e9e7cb5ac99743ff836826525d978d

    • SHA512

      206f6056fe91d499e2dc362ffdbfa39fa27ce1f99494924755eaaae484de4586fd4325b4cb334293fabe9674e2aa7ad0b78c6e6579a177a87bb8996d5d0cc15a

    • SSDEEP

      1572864:djoa0vjkOGIT03tYThbOg7sSk1r3r+G7YHgY0DEjNED6enYCFPmaPdgFz6n:djx0LkOHY9OicsDSdgZEyYYxMz6n

    Score
    1/10
    behavioral1

    • Target

      Lowkey/Lowkey/LowkeySpoofer.exe

    • Size

      76.4MB

    • MD5

      78b5e26ec72b1a7316cc974d69a290f6

    • SHA1

      225e444bce01d3d15e58a701e99401881ae81d59

    • SHA256

      b35c62a207c2c7c1f6c1c4734bc83153d5b6f1d89c2d5c5952e8a650be5ba21a

    • SHA512

      3fe8a0b821f3fc9cf91656b8d6d720fd18616a63ae64f3f452bb90455162008501c42185666e8177979189f2163ad3f37ffde4f136763079de0d692f31fbd19b

    • SSDEEP

      1572864:rviEKl7Sk8IpG7V+VPhqYdfME7FFlHFziYweyJulZUdgAdW4sjtusla/Z9U:rvZK5SkB05awcfhdCpukdRQAX9U

    Score
    9/10
    evasionexecutionpersistenceupx

    • Enumerates VirtualBox DLL files

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral2

    • Target

      discord_token_grabber.pyc

    • Size

      15KB

    • MD5

      990bb1210323b8968b180576cf8114d6

    • SHA1

      a4e11d7cdeb37fb32d768085263ff9fd4e51ac0b

    • SHA256

      b4a60b0e4f82707a8c5fb7f3fc0cc78576c7b45217617185ab34a90e2e052208

    • SHA512

      43d1e9db58d160b15d6daf5677f2f63ed8f3fa494a886bf07d229829ffc84af17f9c81f61bdbf23dfa54a1bebafa7e562f805848b64de08bc8cf83fe98a2188a

    • SSDEEP

      384:YGC7RYmnXavkxzG7WltcrhntQ5saa2h12VA:YGCuvk8WltcrttQ5saaCsVA

    Score
    3/10
    behavioral3

    • Target

      get_cookies.pyc

    • Size

      9KB

    • MD5

      9bdb8627dc166823e7d60603575b689a

    • SHA1

      de56b5f8b3e891ad07760544132bd357f1e62368

    • SHA256

      1078edad1660d103c2135793ea9707e4ef7877fb4be7b87c0e538ed84920212c

    • SHA512

      789d21f744eff44456585fd27cd88a67e26b55ed1a043aa76a4b5e63f7dfad99013ca09b15fabecd041f8d35f8d22502c08efd0bb11d26ca083f02a64eae6d3a

    • SSDEEP

      192:kNal3eiNis9QfUFoxJvm79F211G67+PtAhN:kJiB2lrj7jKlAhN

    Score
    3/10
    behavioral4

    • Target

      misc.pyc

    • Size

      4KB

    • MD5

      204ee497021e32209ddde0c015b4dc19

    • SHA1

      6aa2c039e6b6fbfb3620d4fe42d115553702146b

    • SHA256

      a8355eef70645468d11a410d1402e0cab31a194e87172b523b1ff3dea5dbb0c2

    • SHA512

      961b15c0efe0478fdf9287e7b3b709233bcd9524be708f426b75dc91eb07ddfc2a2ce4f347d52a3e7402f5307ab755af093d660662fd3c4c465fd41e8d138d12

    • SSDEEP

      96:ySMlhlv6KPDweHPF8+VB7sHIZGhIW0vmyyZ1k93hub:LolvJ0evq+VBXZGh4vmV1kFhub

    Score
    3/10
    behavioral5

    • Target

      passwords_grabber.pyc

    • Size

      7KB

    • MD5

      bbb6ab7b8230cca0ac46532a612143d0

    • SHA1

      4bf5ebb19c5807cfb4b48191ec65b329d67763cd

    • SHA256

      8655f8885fa28c9633563e0264e65206eae277fb020f85a836be27f0fc3d7ec4

    • SHA512

      21353818de5a2e192bcdb38e0765b675258ae733eb634c1b01fbf53dc22946b0eee127c975be7a63d20a8db2b87521fe0ed85f2ec09dcc2f3adf5a7fea0b180e

    • SSDEEP

      192:h114qWLfhuUIxzOK2cxDJb+XUhetovxEPz:V4qWLfMtzVxDAEW7

    Score
    3/10
    behavioral6

    • Target

      source_prepared.pyc

    • Size

      168KB

    • MD5

      426743ad2ba02e7a8646b4749528ae0f

    • SHA1

      ac1a08da33334c839724e8680e5eade25d7cc717

    • SHA256

      0f9ba44d8db56a7f478e6e70086024420794d417035a2fabadca101f602d441f

    • SHA512

      aa87ef2e76ed8670e9e40ac01a4c385e31b652543af5fdbc1b7b8b5c934e94a2bf13562b3dddfd6e6223125a6650beb6a11441261d9c44e30dca1f8da6b8a6af

    • SSDEEP

      3072:teTH1NaOO/5ESl1RdotPZTJ0pZXScT0o+IvdXzUsTWP:sNaOO/5ESFdoCpUY0oosS

    Score
    3/10
    behavioral7

MITRE ATT&CK Enterprise v15

Tasks