Resubmissions

08-07-2024 14:42

240708-r28qlawfpe 10

18-06-2024 22:36

240618-2jdslsselj 10

18-06-2024 22:35

240618-2hrm3ssejm 10

General

  • Target

    release.zip

  • Size

    12.6MB

  • MD5

    f3bf344b505893f403f29bba8a53797d

  • SHA1

    07f98e6e08b750d93d913018cdfb8fe1c3f08f81

  • SHA256

    658f91835d7daa63b43d3c618ade30f2444171fdd5c1dbfeefc287b2c5582921

  • SHA512

    78aadce2e84fb813bd85e845f9d42e30f6cd497fa97027410831f78125f832fec045447a94e8f68fc7efe59ccf628fb9c9cf91cd2dc8145e22dbbbe8985350d8

  • SSDEEP

    393216:C3vbECwqE7c2DYebNKLNJ+M3MCm85PAWZ:C/7w5crQOmtiGc

Malware Config

Signatures

  • A stealer written in Python and packaged with PyInstaller (1 IoC)
  • Blankgrabber family
  • Discordrat family
  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.

Files

  • release.zip
    .zip
  • release/Builder.exe
    .exe windows:5 windows x64 arch:x64

    2ac23c52e7647c5bbea38e98bb68c652


  • �'�����.pyc
  • release/Release/Discord rat.exe
    .exe windows:4 windows x64 arch:x64


  • release/dnlib.dll
    .dll windows:4 windows x86 arch:x86

    dae02f32a21e03ce65412f6e56942daa

