Overview
overview
10Static
static
10DW_Reynold...07.exe
windows7-x64
7DW_Reynold...07.exe
windows10-2004-x64
9discord_to...er.pyc
windows7-x64
3discord_to...er.pyc
windows10-2004-x64
3get_cookies.pyc
windows7-x64
3get_cookies.pyc
windows10-2004-x64
3misc.pyc
windows7-x64
3misc.pyc
windows10-2004-x64
3passwords_grabber.pyc
windows7-x64
3passwords_grabber.pyc
windows10-2004-x64
3source_prepared.pyc
windows7-x64
3source_prepared.pyc
windows10-2004-x64
3General
-
Target
DW_Reynolds_Alpha_V1.07.exe
-
Size
62.4MB
-
Sample
240730-bn9gzazhmk
-
MD5
06e8ec8d1efc24b6c2701f795e908006
-
SHA1
0e8d0a32b502261c3ab4ae838109ad9ca749bd51
-
SHA256
9acd6adce129806682ec02315eec146bb0a6d999e43f00b4c2f8f0d60cb32cfd
-
SHA512
984cd1aef8d1012140ae7630d53a9aa7d0bb42b098348515bc5e4f876096e64d1811e32f7a67304bdf0a566ecb8cd15682c48b5ba1bc8fc0a3ac4f838c1bc288
-
SSDEEP
1572864:n3QtdirAH8+1osuTCSxOB6xMLiIf2qHWB75ilsZo0WX3Dxo:3kS6xjKcBa6f2qHO5iOW02zS
Behavioral task
behavioral1
Sample
DW_Reynolds_Alpha_V1.07.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
DW_Reynolds_Alpha_V1.07.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
discord_token_grabber.pyc
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
discord_token_grabber.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
get_cookies.pyc
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
get_cookies.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
misc.pyc
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
misc.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
passwords_grabber.pyc
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
passwords_grabber.pyc
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
source_prepared.pyc
Resource
win7-20240708-en
Behavioral task
behavioral12
Sample
source_prepared.pyc
Resource
win10v2004-20240709-en
Malware Config
Targets
-
-
Target
DW_Reynolds_Alpha_V1.07.exe
-
Size
62.4MB
-
MD5
06e8ec8d1efc24b6c2701f795e908006
-
SHA1
0e8d0a32b502261c3ab4ae838109ad9ca749bd51
-
SHA256
9acd6adce129806682ec02315eec146bb0a6d999e43f00b4c2f8f0d60cb32cfd
-
SHA512
984cd1aef8d1012140ae7630d53a9aa7d0bb42b098348515bc5e4f876096e64d1811e32f7a67304bdf0a566ecb8cd15682c48b5ba1bc8fc0a3ac4f838c1bc288
-
SSDEEP
1572864:n3QtdirAH8+1osuTCSxOB6xMLiIf2qHWB75ilsZo0WX3Dxo:3kS6xjKcBa6f2qHO5iOW02zS
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-
-
-
Target
discord_token_grabber.pyc
-
Size
17KB
-
MD5
e523026b612006e580e96bd9e2a8882c
-
SHA1
03b9938701f7eff11a0c3632ed805e8188598c88
-
SHA256
8ae6baddc552f9a47c488760a3d3b04f217f7c999dbffc1a548bb09532e6bf77
-
SHA512
a0f15f5edecbab4894aa3b85092fc2bde34b76f6048b198ce387d59a56d6c74969201cc43d19cd27a9ff0a6ab72268884a90ef206f0be34a5707a7f6ea24a853
-
SSDEEP
384:cGllyAavwS9F0RW807PPQviowoYbCj+Mo8WWIc02a8:cIlytvX9iRW8inQ6owoYOyM0d2a8
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
10KB
-
MD5
b38f506528b3d6d5dbd851426c347b95
-
SHA1
e91bf4ef42128267934e21be0176e552480f5977
-
SHA256
85a7c34afad2c270ca690a5b4c30cc8bf16967e623fc77f4de4497901030a93b
-
SHA512
ab110dc92eba564fd0ec6c6a75e779f588518dc1aa461f072ab02b96bc11fbe25e09faa6a556dc6a127c3e8826382697b72037a0cefbdaf32fd70a723e746295
-
SSDEEP
192:TzOCIeinQfUF9LdwOEVOFc1mNe47+o+zEzzzzz1zz+HoowAE:TzOUiQccEe4KoOIAE
Score3/10 -
-
-
Target
misc.pyc
-
Size
5KB
-
MD5
31aa260c6cdeaa9d942cd0dcfcadd16a
-
SHA1
a6818f3acf5c2ab9d65b41a81cb92b36b85cc932
-
SHA256
b522284f1a7e518c269c0414160407ec7834a4397f85ef389433b49367b5df9c
-
SHA512
0dd277ef948315a3554bd8c5110e27afa9b2eac88defc1211771c050cdd27b3668484dec35ec5c5010bff00b62c2cebd9e7286c0b114ad28437719b42bd0fc2c
-
SSDEEP
96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0nIAEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0nIAZeQ
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
8KB
-
MD5
704dced7f7530b19a34a5f7a71c26b10
-
SHA1
608d9647488cfa2b5f84a891028168a973bfcfa9
-
SHA256
1fd284f1e27263bd2a16050c6989933a382c7d196f4c9f247187cc3b3f6ba3ac
-
SHA512
e4a6710abef2c45d631745c91d8135873be06e5b240a61362e341d05ecc1dedf885487a554b648c328a3c5cc17fcf74e6d066b2e3f51379358ba28c2a0f2f39f
-
SSDEEP
192:+CE34EAL/GFf/PomdPO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfRBO8NsxuOxNn
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
140KB
-
MD5
076cd106ea162c80b722263e45df2ffc
-
SHA1
064fabab7e71449bb541cd0291032e9e691ded7c
-
SHA256
612cee507edbaed522bc1dc5c3f9b955e8caa43655e615278e627c978cd8af94
-
SHA512
c44c62ba23ec31e0a7108d0887e6b0be72d83b69637afe73f019ba541b393c6c665ba240f300ac5c1ace1a23d362b3283d1dc8e8829e724497a28c7af80506c8
-
SSDEEP
1536:evLXLaHB93F1aZdgThoo6hiPECAteSfXHThgQp5d0eHCkIfp:eXLaHJ12gKobPEte0Hd9pHCkIx
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1