General

  • Target

    60469e59dd3f911ea4c04971f62ff891c97c5612c654ddb114dd47f7a1565d63

  • Size

    21KB

  • Sample

    240808-vcjlyszdqc

  • MD5

    58780283c17f291ad66bf96cf7cb988d

  • SHA1

    ca16fd624c04c4b8cc5b5d6bfea412fc441b6b66

  • SHA256

    60469e59dd3f911ea4c04971f62ff891c97c5612c654ddb114dd47f7a1565d63

  • SHA512

    ab4fd4f094a78fc088dd08b565f2d5112b22ecf74f84d78d97a3e331b96560fdbccba30aa475a6c1af2a1467a52ac3e510c8b5fe4ad60d3d7b6e410ecbff533d

  • SSDEEP

    384:7Mq0S/JuBRJJqtSiiGo/cPxG7mVNerzocDjUsQAXVQ1C4uyRv:odSyzKLAaLwvocDjUWKuQv

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper

    https://captcha-private.com/duck

Targets

    • Target

      Twitter-Account-Generator-main/exceptions.py

    • Size

      1KB

    • MD5

      0613cc6e29e8bddca38554f6f0d75bcf

    • SHA1

      2a2e21429fe3fa5fc105122bbc7648b2680f026e

    • SHA256

      e83a4c3fb5a457b70bcf62424ad9669c2085181d3c4c77406e9cd94af60bc9f2

    • SHA512

      9ad9927ef63096423e3192aa2fe5b921d46c796b5930263211de272d35b51a39a450aa6cdbcabb8f462f614d9ccfed46966af73bb2053c751d9c3ec4adeb4885

    • Score

      3/10

    • Target

      Twitter-Account-Generator-main/helpers/__init__.py

    • Size

      894B

    • MD5

      623726fb9c1b0b2797c7126134086678

    • SHA1

      c2ab5b8a23b2b9839b51c74e69d215583ca2088f

    • SHA256

      1cdeb75d2c2081c78689fce72b6ca0c44a5bf7a66bdb3cb720d7120f043a606b

    • SHA512

      c478e42065aa8d68c78e7ca96c70fec88a4ae31878c771bfc98ff5b25c12a397c00475bc84834e7fec4fcd6fb5fe954a933f63a02321af47733bf69fbf8f4e90

    • Score

      3/10

    • Target

      Twitter-Account-Generator-main/helpers/captcha.py

    • Size

      4KB

    • MD5

      86768389643ad0f4a8101caecf72f65d

    • SHA1

      a922aa68d656d38bf9df0fa91a4c91bd3600cae0

    • SHA256

      13023e90d3d98d02f2b6a249966f21c4fbf71e01f5b10847f3ed52fe430fb48e

    • SHA512

      3a8f40d7ee5cb11913d76eb68b389fb6b1f7b80801e7a731c94d09dccb18a0365e1f8cc4c21f8cd8513bc0a44a4ae80b238aca9464083fd3e5b377ac1cd90408

    • SSDEEP

      96:uL6WNNsojP57cP7BzIys0Vauo7Pwxx6xiAm1:/aZjpcjBzIZFT76xMHm1

    • Score

      3/10

    • Target

      Twitter-Account-Generator-main/helpers/constants.py

    • Size

      15KB

    • MD5

      074336001cc67e354d3dd7594558e531

    • SHA1

      44754de40dd5fee1527c980020a4ed202cf9c9e9

    • SHA256

      113198abc6b6be9dcdb9b2fb9b467bc52b2ef48a098501879e75cd3538f785ff

    • SHA512

      ff055182c1ac4b06b6eb1247d081de7c7a5cc363bd0fc8e2118e7bac54922cd15809cbb2a99bcfb5735122550854ec0f8bbefb7039ea244de7ff4a4a7e11059f

    • SSDEEP

      192:Vg91XUCpRCZL4TFuSa4XUCpbbpL4TFpWCcBO6phfJPtfDCzK4Dmcc440YvetGw+h:EcOHXO7S

    • Score

      3/10

    • Target

      Twitter-Account-Generator-main/helpers/email.py

    • Size

      3KB

    • MD5

      6dce1d03bf8a34cb42db9f635cdb203d

    • SHA1

      04bd5dd1edefc8f217e488808e04f3ddbcb0865b

    • SHA256

      c4f47d050908bb2b92e6ed3b3c40031eacca7550cba72d1c3cff09a265a01a06

    • SHA512

      85acd4fbe6e202a35868a530b6053a3cab3811665a0fcd77fbe5067c7895eb5e6fc670ceb4c1623462ef1a738a7e865e35cfb4254c7943db58bdd279c336464b

    • Score

      3/10

    • Target

      Twitter-Account-Generator-main/helpers/exceptions.py

    • Size

      450B

    • MD5

      d3cc0b8eeba12110b3bcbc19c668ea7d

    • SHA1

      64c0c40e4f761a899a9dd1f2d93ede93fc25d3a7

    • SHA256

      8880f04d4c92605d7c7b9ce1e2dd99eeec681f61d0924cbc99fd664c8e3cfe34

    • SHA512

      e3774557bc1a7813bc12c36d779765858ffd3df08d50bdb617466de4dd62c5b206fd9cd975c9fa21b8f5fae9f74d17077000c94ae5302c09c58b3f1b435e1bb8

    • Score

      3/10

    • Target

      Twitter-Account-Generator-main/helpers/oauth.py

    • Size

      3KB

    • MD5

      3bfddbdbb4de8724db1b875fc81d1ebb

    • SHA1

      6c5d0cd20979072290a161a3b853211acd7f3fa4

    • SHA256

      be0fcaa5f1f2c1fd54a7a2dd5909ae94d139ff87cf4b4ddd2c7acdce5769de3d

    • SHA512

      bb39560d9f08dea226425b5f9736181bf4b67704f588ff41a033c4468eea0d2a19fc92cb4d54b1eae7a980b539610bb5825e9e6f966d9754c0abfd146b5ea060

    • Score

      3/10

    • Target

      Twitter-Account-Generator-main/helpers/twitter.py

    • Size

      11KB

    • MD5

      72030822617d93a2ac77fe52c3cfb3e8

    • SHA1

      faebef647627bc0841a04f04245c7bc99b6ff296

    • SHA256

      98e10715767f613e61c93bb5d759996b6c4dae220db01a71df44e6ffa5bfc8da

    • SHA512

      bd969f3d90aae21396403b4433b18e60937da5763a18fef3cf7e67702538ad85f5e77d31c7810f13734545878de502804243314ad369214e031b4f0dcd7ae7a2

    • SSDEEP

      192:8miPgeYCQZkwGGvGvpQZiVLjpO27l8/oDRwEcwfXw2:igeYCYvvGvpQZ6LjpO+vp

    • Score

      3/10

    • Target

      Twitter-Account-Generator-main/helpers/utils.py

    • Size

      2KB

    • MD5

      35396616dd9ee25e7ba85f3fe5a52f7f

    • SHA1

      ae56b6d7d404e67ca495d252f98f7b155b3cc127

    • SHA256

      62f1ee3479050e49a7950ac02513c4836466de09e00c61662c00a6b7c69c52f2

    • SHA512

      7eb82e927ded9f3e704102ae1f39e10fb9eb28aa46cea1ede6443d0720a894749d525925d837d87b64c8fc911861509f03e53f6d6d65643062866c28d83cdf1b

    • Score

      3/10

    • Target

      Twitter-Account-Generator-main/main.py

    • Size

      41KB

    • MD5

      0729e2e68d671f5a3eac77ba8afcf388

    • SHA1

      40ed6ea477ff10c1161d47700be1b1e1288cf809

    • SHA256

      73fb8c5fac4f273c5d1bdd5b649f968faa265a66361f4dced884f93bcf12d09f

    • SHA512

      d1b60c93e67d03f4db63a00f09a1dc8c71797d5b706320f006d0bacfe0f2fa3fd35049b7c45ec2a307540e8b25b4591f775d2bd1968baa79e9438c0f9c23075a

    • SSDEEP

      768:+VjQ3dHknICMaxVeh0TNhDdh0yRqjUsAYMsNWmwT7wWbX2:3FSICMaxV/7wEm7zRNZ

    • Score

      3/10

    • Target

      Twitter-Account-Generator-main/start.bat

    • Size

      4KB

    • MD5

      6b2d9f1769e0a9764ad143ac2679793b

    • SHA1

      c9f5de490ce94729c1da33e375fb4c85a2a4e9f3

    • SHA256

      546fe7bedfc1f85065c096b5cd025b65040e3ace4254d788575effdfd7ee8bb9

    • SHA512

      e6060cf7c609a881a6b34157b75345b73a7101d86b5547ca49cf0cf3380b412c5b6d9261fc8507a3418c5cfce17431d39d415f0448bf1f90d6c15452ed6a6551

    • SSDEEP

      96:9eGnKyIuE5jEdXT2QPUjtOmZE5jEdXT2QcBT8r7q:9pfE5QF2QsVE5QF2QcU2

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Deobfuscate/Decode Files or Information

      Payload decoded via CertUtil.

MITRE ATT&CK Enterprise v15
