General

  • Target

    jet.zip

  • Size

    112.6MB

  • Sample

    240705-qln6ksyfpk

  • MD5

    de779c3b4e36d82762dfc61ce9c9bbf2

  • SHA1

    6fbd58a60b3095ac4be7700006237ca9a3f5772e

  • SHA256

    5188c69bd772ebe6ca8b34e8c08eec90f63ffcf1d6ab20287e074732da21076a

  • SHA512

    71f857ae4bd5565654c1b4bb049e082d0f4a7d0fa8cb2d789581a35b9cc956f6855f295fb65156721e95c20af6291e2a735067647ed46d46e7f9def021546948

  • SSDEEP

    3145728:HtfPhRs9D5Zi+mHm47bSZvkG5MQbZ+mSUvh044h:HtfPnsLZi+mHm4XSZ35MAB044

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot7258239318:AAE_J6DhWLSRk9YOV8l1ienRdy5HsJZuR6I/sendDocument?chat_id=-1002245526003&caption=%F0%9F%93%82%20-%20Browser%20data%0A%E2%94%9C%E2%94%80%E2%94%80%20%F0%9F%93%82%20-%20cookies(0%20kb

https://api.telegram.org/bot7258239318:AAE_J6DhWLSRk9YOV8l1ienRdy5HsJZuR6I/sendMessage?chat_id=-1002245526003

https://api.telegram.org/bot7258239318:AAE_J6DhWLSRk9YOV8l1ienRdy5HsJZuR6I/getUpdates?offset=-

https://api.telegram.org/bot7258239318:AAE_J6DhWLSRk9YOV8l1ienRdy5HsJZuR6I/sendDocument?chat_id=-1002245526003&caption=%F0%9F%93%B8Screenshot%20take

Targets

    • Target

      _collections_abc.pyc

    • Size

      50KB

    • MD5

      194666bf2a5186532ff44ffadc6908e3

    • SHA1

      de4865cbf3f9feaf09093c46ecf3d7d82157ef3e

    • SHA256

      76009d50c62573b55d2aac99cee43d008eff99d8bc8a9ad886bad5337e971153

    • SHA512

      81f98a127936cc2a6d880670d7cfaf675412a4f99f98e3d0dc9a39e4c03b8671469da86917c9cf0b365aad5fcca4a03fdc08e9cba4ba64c58d19c3892c63998d

    • SSDEEP

      768:4WPgniRfl5zB2HNyGPWO3kimvS7Q4s5p7+wjZca6uUeRKivBjjW:4WPgni9+0GF3kimvS7QR5pSFuUGO

    Score
    3/10
    • Target

      _weakrefset.pyc

    • Size

      12KB

    • MD5

      6d02bed2dae60aa228e41161a577670b

    • SHA1

      69be1402efb3895f297ce092c5eaa97216f9cf9a

    • SHA256

      00fc576c9c1b7e42ec1d16ce25ad7b8306be7a121c222bff42f329789542d9ae

    • SHA512

      0bfe80d513882116d67076aa665989ec40e210e8dbdc429400b1ac68416b1872f53d7ee2ba0ec8f8a6702d0d5cee82205141e0b2e5a7a7c2f41a1f94bd00adc2

    • SSDEEP

      192:i08ugM6eaK79jcnn4e19oNpVZacWjMEwjj0JJBXRqdTZEw:ipV1JY9gn4e19oNpLajjME8jgBITZEw

    Score
    3/10
    • Target

      abc.pyc

    • Size

      8KB

    • MD5

      55eca4895d9663db2cf0f7e5fc2979d0

    • SHA1

      71acdc8d851bb34c8d349ea5d0ced79860508702

    • SHA256

      34361a95c9ade263424795d9c92ae5ef3af4038ca1de6b60ba724bc60f9a5f5d

    • SHA512

      358341792d06b65caa92a97d3cfc4681cc4a5f997decf850e3fb3a7f4024950f5a729ca5e15bc173af773e2f1fd761f966797fdaf8ffe7fba9d02ae8f2e36db9

    • SSDEEP

      192:S2+dPNnn84ttUUIs1p2lYUtCqMNbH/7fLrXLk5ebmzuUAlu:S2+dPxtttbzqMxXLk5eCMlu

    Score
    3/10
    • Target

      codecs.pyc

    • Size

      43KB

    • MD5

      de91b2473258f1d41907b13869c71cfd

    • SHA1

      0fb13bdb5259bd6a9892c140d85937b5ff9e9e57

    • SHA256

      26f5af7ce859a1016d0dd30ae1084751d18e50b6b2ce991314fe060ae6880845

    • SHA512

      0291a1479051402f8921f468d60ddd9524dfbf3d9fbaa5c24c551cbcb65682b4456cd5e0411506f515545dda6d13e6b3024c9a3dfd2f04520286ca0c760ab207

    • SSDEEP

      768:mctNHwz9foVdWcgxVeNYKbgP9NJgOs6bW0p1jxgabIBDvU2Ztq3EmGTfF2yEa684:mFrxVvZksxxg8IBQ2Ztq3EmGTfF2ha4

    Score
    3/10
    • Target

      collections/__init__.pyc

    • Size

      76KB

    • MD5

      bc9ab6d271a92014428c684f586166fd

    • SHA1

      1b2fcb284e4e728a1ccfe813628bd293223e992b

    • SHA256

      b6e3ba56de7ef07710636c9de0494b130a1bb48e4faa581e6f393253c20fa34d

    • SHA512

      ba6a7034e36ff6bd550fe44902cce5c6cfed6a7468528ceb06c45de07f7c2a776ac3defbc09e0382c60fcbd0d13717237b286678e8286d7390c8f7a4303cfc51

    • SSDEEP

      1536:gV9rvBlIgSbrTNFDRBPoVI8jubh0AbkcNrQRQoAX1EAwY9xU6S:i9rJegSGAVxU6S

    Score
    3/10
    • Target

      collections/abc.pyc

    • Size

      274B

    • MD5

      bce2673839e62a748717fb18fbf98037

    • SHA1

      65c0cccc6cd710fa94fd5777f065d755266d3a06

    • SHA256

      29691e0832cd8599185eca7bacae1b089fbfcd201ee7a1c5b676acb5b0edbefd

    • SHA512

      b3ab7187589e36bdaaacaa5f460c35c5f2c8ef54f7ebb9a08d9bf482768859eef99643257a30ca3501d78139b119fc0d280b8f5f31ede8f7c5af489baeb3adec

    Score
    3/10
    • Target

      copyreg.pyc

    • Size

      7KB

    • MD5

      addc13d419222de37ff4c30ea79d37b2

    • SHA1

      22221cf3dad5cfbe35f1b80b754d37c30de99702

    • SHA256

      056b9af052b9a66ce520d0ece213ad1e14f984095324214dc57207f36d714916

    • SHA512

      1ab656e3489e5dcb5ccc530cc5b7d7bf6afb54e832fd373a0199ebd9dfff26ed93ffcbb917ae46b4de171a2faa3914a6383f5789c0d161cc8fc9e3c37e98447c

    • SSDEEP

      192:7QHjFsVj85jbGa7lU0Qx4GL4MvX4ia7yfhm+Hj8TIxCqH7TG9TM:7QDqijb/xgZFo7sjJx9II

    Score
    3/10
    • Target

      encodings/__init__.pyc

    • Size

      6KB

    • MD5

      51a9b8ac955239a37df2f4250a047ae8

    • SHA1

      922c266d673c7e91e91ab6eed49d4966920d3d7e

    • SHA256

      314086193c51b899c10d94e3faffd59b741d29dc5acbfd1a418a96cd8f21bff9

    • SHA512

      e9388e6b3e35d9922e1041bbfbb29a7249fd4c53644c1e530d3db81843871803631d207a6ec4f03704c2b518bd652a3dfa5c009bab1b86bb257af60f4825113b

    • SSDEEP

      192:mYLpFkYXqEDX99euL0NYjxJQF00JXsDczpbkoGoAlUi:3NnXqWX75LSBXsDQ6Mi

    Score
    3/10
    • Target

      encodings/aliases.pyc

    • Size

      12KB

    • MD5

      80e6cdedb14228b2c711be998669e744

    • SHA1

      8ded011cd21c8d73458c23691ae0bbeef5c79d79

    • SHA256

      a94e50c1a052ee82c4d59180b082c00c101fbec295700855958cc0a5052d1e05

    • SHA512

      f0e72222a1a27f650ae06a354bcf678a61866d5b3bbb1512fc9e6939b9fbd1c84e28b0e0b811adc3cf984095970d109a226b7b2eacc30a080eac3ce1bc201731

    • SSDEEP

      384:qEXG0bueBU6uHc+TMPUfxYtwI9CwZIb0xX:qYG0YGsfmtwJiIqX

    Score
    3/10
    • Target

      encodings/ascii.pyc

    • Size

      2KB

    • MD5

      d7109d54ee1e9b7d55ba54c7e24e2ac9

    • SHA1

      9647f78a4391221ec6f778b34cf37f76157fdad3

    • SHA256

      d1cc838d84d63c045851c0ec014a44de5babe63b0ab87fd0e3234a412ce2a375

    • SHA512

      23dd065a82adff97c93bd697a1b4c33e74f2951f795fbce70e88237a28eeaecb927d79c24b1b12f33dc5c6bb588de85ae11b78eb4c2464034410b8fa2c58159c

    Score
    3/10
    • Target

      encodings/base64_codec.pyc

    • Size

      3KB

    • MD5

      5bb9ee03c028df3b7fb7f2642e0df7af

    • SHA1

      755bd75a01cc0fe9a478ec3dace329ce64c5dbdb

    • SHA256

      7afec742dddf38d4c30ede023b0c8b36b1f5c9537466f380316dfda0805600c0

    • SHA512

      93459f41e8a7f83c1e28bf810d2489dda966a65478966cf896d075af5fe0840b0992ae5da126458dbb508cdca6c7a71de0c177af133b540974c4745e5109bb56

    Score
    3/10
    • Target

      encodings/big5.pyc

    • Size

      2KB

    • MD5

      a3009f4b2f64d843b6f4bd69e28da679

    • SHA1

      98ad5db3a8ffeca09bc5fbc24ecfdf4f4821359c

    • SHA256

      385ecbb815e394c4247aa125c352f55ebcc9a3fd272bac494b25a31a576aaa1b

    • SHA512

      755a48c2f0d7f96c3d1573a645aa9b1cf8ee8f88650fbdaba9ab54637135fbc97e2db5a29a1abb3b2a67e4b9ab9cff4a0efe126ed28e7b3b3319fd9ebbdb724b

    Score
    3/10
    • Target

      encodings/big5hkscs.pyc

    • Size

      2KB

    • MD5

      6155da3d274adaf47719aea5fcbc27bf

    • SHA1

      fd4ff9b9599417f6bcc3953d0b7c5c9d4e85f47f

    • SHA256

      928f752c3884b363b7314a17beca565ceb97514331ae99984ee71a75abe79d07

    • SHA512

      3ee688f897e42ad57d17e4105288422886d5faf9da9d328dff30adc92cccc7b06eed174329de840bc5605acb62838fdcf15e3e7e6263096084fce8665672ba6b

    Score
    3/10
    • Target

      encodings/bz2_codec.pyc

    • Size

      4KB

    • MD5

      8048effd108842ac6bf06274a21de02f

    • SHA1

      cae208654a761ac0e7f1f57aed3bdaf5ff43d9a3

    • SHA256

      8a0eeef9900c16eda30b5dc6e7b4902da24b6e41f05f5d4cd35bcc5067e0ef34

    • SHA512

      9a1273e7ac04db634f0d15f0555f3d61595d936f101a24a087cd36a03ecf3d1fb40e26405071c1061ff38d7eeb9f5e87c9cc78f145616009ec72588e1592672d

    • SSDEEP

      96:OUdAGtKGYuftcL2PtoMqDC912+xovof4daT+sIIwGK:bmGtKXu+L2PC3DC91xCwfNIIwJ

    Score
    3/10
    • Target

      encodings/charmap.pyc

    • Size

      4KB

    • MD5

      2ef000b3ddc92256c1b0f4184780352a

    • SHA1

      6362a3bb0ddd5cefc0bd2c7c6be153e2f630b17c

    • SHA256

      6666c397b110390c8e61d26a34ca15a1335e632af1b843c9be41445e808f130a

    • SHA512

      e9d55c00b53345229e3d6bd42b61749615ebf031cdc0419e5f648c331abc71b0fad0f0b0302f170c7c8cd4ef53c24961db05b89c6671b0626e7ecd6344e854c9

    • SSDEEP

      96:/9dlOoowce3UufLaDwj+5RnSadcRXQSLfE1:/HooodGUuTaDwj9adQXrL81

    Score
    3/10
    • Target

      encodings/cp037.pyc

    • Size

      3KB

    • MD5

      aa5511d6cb95b18d3d75cbcd1687dadb

    • SHA1

      4c868a590583ddfd90ce7d4b98e70e72f4d0a4d8

    • SHA256

      5a3649822f3bd73867e1289d70a9849773a64df28b51d99e1b8b8c84afe71433

    • SHA512

      d39cb318a7196664ca31fbb4efcaeda2fa0bd0247e0ef6f3e888e61bd86d8dc6bcec59405924cf62ebe9a04dd49f866af0c3de7012609e1d8cdfb6d6d64f3581

    Score
    3/10
    • Target

      encodings/cp1006.pyc

    • Size

      3KB

    • MD5

      e7f02dd6d82a6a0869d93178519febc9

    • SHA1

      8b2dc25fbadba6c4d8451a5476d0cce3d6314ec7

    • SHA256

      5434f0e8765ea97109ba318c3162c589fbf0a386cc3890c347e85bfcad64d628

    • SHA512

      c763d5bb65e6edd73d58abd30f17cd53ba2bd78a431360e266ee20c303db8814a27eee0706e599b999edab2b4f2a1d9e328b93a1e7fc0deb3d4f3b4fd0be5963

    Score
    3/10
    • Target

      encodings/cp1026.pyc

    • Size

      3KB

    • MD5

      e1044eff9cb371ec6f24a941b0548130

    • SHA1

      84b443d110e6df9b2a93bbf745ef192a7d616a8c

    • SHA256

      c0ba2b28c863a53fd6f1d35f3fde0e8d1d048a164c40de1374fb5828cc9f3c84

    • SHA512

      3c3a71a90270835523cf0ddf4a3a7dfb170788cf9c68acc149bff97b0a6926570c485e2e3d4cfb6f2a5bc11a3c947084d8c11caaa18541da379703af476b4681

    Score
    3/10
    • Target

      encodings/cp1125.pyc

    • Size

      13KB

    • MD5

      520a1f814f59644b388dab6ff63ef919

    • SHA1

      a8f450f00ba52dc0dcbabc11ac63dcf4b920bd78

    • SHA256

      ee8ca92652831899f465901eebc71f6e01a371183fa0e6e8ffb3816afa49f96c

    • SHA512

      3671bc3e763704dbd4bf6adb94ab216bf72e70fe1b28fc89936f5b6e8e3f1773d49bd3df24648feeb747de6b99cf57c80aa64f92aa4f57606e7a7b1da522fb9b

    • SSDEEP

      192:EgmHsrL2DfRevF43G+JfeS4bg968ojFhUQEnXRJnpglmzhxnKl7hCa4q5VAtnEw/:/JSg943G+3480yQ0pgcxnENzBAGq8i

    Score
    3/10
    • Target

      encodings/cp1140.pyc

    • Size

      3KB

    • MD5

      822703131bf83e1ddbb09fc0d06da818

    • SHA1

      5a12d8e67dd5761fc89a4ea946912ca766d74ec4

    • SHA256

      b038536851a22a318fa169de101697d3960db3dcf4afa57f92cc43f90c7270d6

    • SHA512

      a0aad1bf6b6a800109cf81bfb6dd2ffbe7056af71f32bc8f1bb0f9fb460eb9df80e95b504ff9e217a75cb21c79d60d5037061998afeb96743e27fc2bf987ae4a

    Score
    3/10
    • Target

      encodings/cp1250.pyc

    • Size

      3KB

    • MD5

      fb2f9d71ede641e6aa999bcad3e1eb32

    • SHA1

      b05da50ff27ea1c9be69e7bd8129ba321323089a

    • SHA256

      1e875f73bff0ba30509669f2754a93971a157857b28b404cdc3dd8aee323f92e

    • SHA512

      0330cf4f149ec42004b7f48d7402bb3732b6a73a1a1cd004932e806132cf92e197b4d70288e759215154fc744f4321822884db2e89724a1ec37126aadc7743b8

    Score
    3/10
    • Target

      encodings/cp1251.pyc

    • Size

      3KB

    • MD5

      d96c10afef1b5d6fb244e2c634a03e3b

    • SHA1

      c9c80fcaf71435302807c227f67e1c1d02d3ed79

    • SHA256

      efcf3c2620072e6a0cc923795d9193aa495ce5186bf535fa742845383e8c5238

    • SHA512

      8eb6c185790621d67912d68903dab42ee257c1d6fa9dbe6af7cda89d78097654bd021636c363cbe98ba1bcbe18fb78a5e65ed11acf169a99a45801d58cfcf267

    Score
    3/10
    • Target

      jet/build/jet/jet.pkg

    • Size

      33.9MB

    • MD5

      cdb06694672bf0885b437b8c5f272240

    • SHA1

      8ac57003c042df9021d794072a251ba178bb9297

    • SHA256

      55b27ab744fbbc1149e9336197c81c47027000751d6c8e76e755bdd89f6e9de2

    • SHA512

      ca01257a8dbe5e7ccda79a0f205250a72f5b12b95a3074f2cbfb9326ed5805ccaa5fb717abcb8b9c39fa447b1586be4dc8d5f8b83be4d1ca84073363a0462b6d

    • SSDEEP

      786432:8uXHiRyc0PacOHzeMKVxzx5cfOHzeMKVxzx5cU5FRA3L:8uXHLc0PacOHzDCd5cfOHzDCd5cUzRO

    Score
    3/10
    • Target

      jet/build/jet/localpycs/pyimod01_archive.pyc

    • Size

      6KB

    • MD5

      9cb8d561bb376f1a50e0695cddfa2875

    • SHA1

      a8549289c2f06eb9b1687dbbfee591142bded26d

    • SHA256

      49d7a13720f41256dfd249c78f522b6abc44ccf527e01c36888711465b2703f7

    • SHA512

      7fe4b2f2dfa139913746ca7572e725a4912461939b232f88fe465db14e347201970c652ad38e60ff747cb6593bda58a0918e9adc238fe92ad9a0cc6205d1cf4c

    • SSDEEP

      96:yLjsS9KCgfh7KlNU7vwHKrc6TH/M3j7dX33732QoG1VIc7xTn:gQfDEU7vALOE3j7dXHSe79Tn

    Score
    3/10
    • Target

      jet/build/jet/localpycs/pyimod02_importers.pyc

    • Size

      24KB

    • MD5

      bc94f06a88cf8dc239f4f5f21b249581

    • SHA1

      9c2c434475bc32fb03b1e251f835354823f6b806

    • SHA256

      6a04e26ec9353e3c5ca5963ead62c282338e438172d943ae372103d1176a1a02

    • SHA512

      db1ba53b24ed0913a3defd6acd81107b059286157466b6da2a717c1c7880d1f6d560dd8974575c000e623f50caf0a8e0e5b1977c4851add6ae8df52488dd975f

    • SSDEEP

      384:X9QzI7LSq9nvn2aMiaQvbnhA9UBrkPlQ5O0eODtG0oRw:NQSLh9nOzGnhpklQ5WOUL2

    Score
    3/10
    • Target

      jet/build/jet/localpycs/pyimod03_ctypes.pyc

    • Size

      6KB

    • MD5

      97f55114b598cc197d056d5bd81a20b3

    • SHA1

      62f59751230675b98105e29c908aef2e467636c4

    • SHA256

      9eab6f4314c91a04a7e63766867ec79a09f8741938646b1823a03cbebc2df1c5

    • SHA512

      b8e02bca2442314dc10405b2a8f3fd250847912c17b7d8412255311ea344c3d0f31b0791d026775aa3967bb9b854f8a0b33eacf348e5245c5c7fe486db9feb4a

    • SSDEEP

      192:pGaERc785Q333TAG6t9bGzy3Gz4xKTGzDwvOxqDI5p7gI:lvtAPzbOy3O4xKTODMvI51v

    Score
    3/10
    • Target

      jet/build/jet/localpycs/pyimod04_pywin32.pyc

    • Size

      1KB

    • MD5

      7fa0809dca62fa9af74dfba2b22d6880

    • SHA1

      ed6e6acce208ce7854eda01c3db1ad9b703415c6

    • SHA256

      e4be554242ddf614bced8612073dbb0b01e5240aa46ec0adabd4c67c2b973b0e

    • SHA512

      de896463a42b56e803c137d82a297efe0c313dc836dc1942dca9720b6813a529284552dcff128395eb309308699b946a428a758e018829139550915ba40d5b27

    Score
    3/10
    • Target

      jet/build/jet/localpycs/struct.pyc

    • Size

      360B

    • MD5

      24e09d10b7c28c3f77d7c48cc5479247

    • SHA1

      493b002be55bfdb8c8689f862bcc0f2b635963f3

    • SHA256

      251582e6a5dcc2c8059159e997de8754b2b52f47c13fb9f6246aeff0673509bb

    • SHA512

      6ca68e882c248c22cecb752a6c8eea6d5ee7d8cdc3e65b2cfe3079e4d90ddaf128e9ac5ebd58f107cb043ac54c9e96809bc19ba700567c286b11d0dd5d58ecf7

    Score
    3/10
    • Target

      jet/build/jet/xref-jet.html

    • Size

      936KB

    • MD5

      169ea2c9dfaa93cee1781aa57cdce7d7

    • SHA1

      38190d78769dfb93c076f3ebb1a64ccbde4ee92d

    • SHA256

      d9671fc5d2b854114de0b11f0fb835f17c3373c987bdad835aa9cf04d17645fc

    • SHA512

      280a7204d599b7cf4fba496cba2ab22e277ad047036b52d1d74d60c93855e974efc8c5630907636c22dff211e96771ea813154e5fa586a3c4114762f5121a242

    • SSDEEP

      6144:Mfp/jXvFEfDuoRx3WnTWRNuRFvyK0HaqW3Em4yD1XX5YtedxJcc090hbA4y35Owh:mpxNqpp1p3pW1dasc

    Score
    1/10
    • Target

      jet/crack.dll

    • Size

      2.3MB

    • MD5

      10f5e8139433eb7087c7946c0659cdf2

    • SHA1

      a5ed6ad5115e3d1a9b274d5132ee51d94ccdf568

    • SHA256

      031ba5a69b202f5d7a5dccb8fe7795aa711acdcf9d122e776f08badfd24a510e

    • SHA512

      413638b28320378930c33726246eae113925e7034d05503d4e0277402c600f850f8d96d0c259925d7dcac1abb12353c0935dec7f466013d523bd4075be621d48

    • SSDEEP

      49152:XwFdjXhom+KbllCmGFZYCY+DWefdmjLdGGf:4om+KboYCY+TfdmjLdGGf

    Score
    1/10
    • Target

      jet/jet.exe

    • Size

      34.2MB

    • MD5

      5e06053d551d8d4030796d1f962aba92

    • SHA1

      6cf2351a65be0515dc1392b59902774f476c36e8

    • SHA256

      1ed92d4e3caae52e8b39dbe22d031c4a057355befa038045ebc7383e1da1f9b9

    • SHA512

      9ecc16aa0c0e8ed6d817b701e86a6db320c7167d399349bd97f109dfade95d6ee3f786dd4b2004e0e396a090fb509633aea6bbe46065853a3abf42f3c2782bee

    • SSDEEP

      786432:VuXHiRyc0PacOHzeMKVxzx5cfOHzeMKVxzx5cU5FRA3L:VuXHLc0PacOHzDCd5cfOHzDCd5cUzRO

    Score
    7/10
    • Loads dropped DLL

    • Target

      jet/loader.exe

    • Size

      39.3MB

    • MD5

      cb5900d8c99b9b2b8391c5e07de93048

    • SHA1

      21434e75d38c698a924a28a39498f230ba1e23f2

    • SHA256

      53d60f5a2e65c6aae90eb6e9f872cd381fc152f33e8227bef5fe27d61e09ceb3

    • SHA512

      148be276c6a8b98971c975c27a7b4d27146667b80447198d09777131b2dd5511de51db3ded5b3d04b72a85f12f772792e0590427c3cbceb2b1d9b5420d9d205d

    • SSDEEP

      786432:vp039FS+ab44n6ASQSc6k00CZcKoTMS4n4BgmpHvT6CKrftQKN:vps9Fnab4+6DQSc6JUCSC4hH2CKLtQK

    • Gurcu, WhiteSnake

      Gurcu is a malware stealer written in C#.

    • MilleniumRat

      MilleniumRat is a remote access trojan written in C#.

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Contacts a large (1198) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Stops running service(s)

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies, and similar data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

pyinstaller
Score
3/10

behavioral1

Score
3/10

behavioral2

Score
3/10

behavioral3

Score
3/10

behavioral4

Score
3/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
3/10

behavioral12

Score
3/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
3/10

behavioral21

Score
3/10

behavioral22

Score
3/10

behavioral23

Score
3/10

behavioral24

Score
3/10

behavioral25

Score
3/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
7/10

behavioral32

gurcu, milleniumrat, discovery, evasion, execution, persistence, pyinstaller, rat, spyware, stealer, upx
Score
10/10