60469e59dd3f911ea4c04971f62ff891c97c5612c654ddb114dd47f7a1565d63

Sharing

Copy URL

Twitter E-mail

General

Target

60469e59dd3f911ea4c04971f62ff891c97c5612c654ddb114dd47f7a1565d63
Size

21KB
Sample

240808-vcjlyszdqc
MD5

58780283c17f291ad66bf96cf7cb988d
SHA1

ca16fd624c04c4b8cc5b5d6bfea412fc441b6b66
SHA256

60469e59dd3f911ea4c04971f62ff891c97c5612c654ddb114dd47f7a1565d63
SHA512

ab4fd4f094a78fc088dd08b565f2d5112b22ecf74f84d78d97a3e331b96560fdbccba30aa475a6c1af2a1467a52ac3e510c8b5fe4ad60d3d7b6e410ecbff533d
SSDEEP

384:7Mq0S/JuBRJJqtSiiGo/cPxG7mVNerzocDjUsQAXVQ1C4uyRv:odSyzKLAaLwvocDjUWKuQv

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://captcha-private.com/duck

Targets

- Target
  
  Twitter-Account-Generator-main/exceptions.py
- Size
  
  1KB
- MD5
  
  0613cc6e29e8bddca38554f6f0d75bcf
- SHA1
  
  2a2e21429fe3fa5fc105122bbc7648b2680f026e
- SHA256
  
  e83a4c3fb5a457b70bcf62424ad9669c2085181d3c4c77406e9cd94af60bc9f2
- SHA512
  
  9ad9927ef63096423e3192aa2fe5b921d46c796b5930263211de272d35b51a39a450aa6cdbcabb8f462f614d9ccfed46966af73bb2053c751d9c3ec4adeb4885
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  Twitter-Account-Generator-main/helpers/__init__.py
- Size
  
  894B
- MD5
  
  623726fb9c1b0b2797c7126134086678
- SHA1
  
  c2ab5b8a23b2b9839b51c74e69d215583ca2088f
- SHA256
  
  1cdeb75d2c2081c78689fce72b6ca0c44a5bf7a66bdb3cb720d7120f043a606b
- SHA512
  
  c478e42065aa8d68c78e7ca96c70fec88a4ae31878c771bfc98ff5b25c12a397c00475bc84834e7fec4fcd6fb5fe954a933f63a02321af47733bf69fbf8f4e90
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  Twitter-Account-Generator-main/helpers/captcha.py
- Size
  
  4KB
- MD5
  
  86768389643ad0f4a8101caecf72f65d
- SHA1
  
  a922aa68d656d38bf9df0fa91a4c91bd3600cae0
- SHA256
  
  13023e90d3d98d02f2b6a249966f21c4fbf71e01f5b10847f3ed52fe430fb48e
- SHA512
  
  3a8f40d7ee5cb11913d76eb68b389fb6b1f7b80801e7a731c94d09dccb18a0365e1f8cc4c21f8cd8513bc0a44a4ae80b238aca9464083fd3e5b377ac1cd90408
- SSDEEP
  
  96:uL6WNNsojP57cP7BzIys0Vauo7Pwxx6xiAm1:/aZjpcjBzIZFT76xMHm1
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  Twitter-Account-Generator-main/helpers/constants.py
- Size
  
  15KB
- MD5
  
  074336001cc67e354d3dd7594558e531
- SHA1
  
  44754de40dd5fee1527c980020a4ed202cf9c9e9
- SHA256
  
  113198abc6b6be9dcdb9b2fb9b467bc52b2ef48a098501879e75cd3538f785ff
- SHA512
  
  ff055182c1ac4b06b6eb1247d081de7c7a5cc363bd0fc8e2118e7bac54922cd15809cbb2a99bcfb5735122550854ec0f8bbefb7039ea244de7ff4a4a7e11059f
- SSDEEP
  
  192:Vg91XUCpRCZL4TFuSa4XUCpbbpL4TFpWCcBO6phfJPtfDCzK4Dmcc440YvetGw+h:EcOHXO7S
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  Twitter-Account-Generator-main/helpers/email.py
- Size
  
  3KB
- MD5
  
  6dce1d03bf8a34cb42db9f635cdb203d
- SHA1
  
  04bd5dd1edefc8f217e488808e04f3ddbcb0865b
- SHA256
  
  c4f47d050908bb2b92e6ed3b3c40031eacca7550cba72d1c3cff09a265a01a06
- SHA512
  
  85acd4fbe6e202a35868a530b6053a3cab3811665a0fcd77fbe5067c7895eb5e6fc670ceb4c1623462ef1a738a7e865e35cfb4254c7943db58bdd279c336464b
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Twitter-Account-Generator-main/helpers/exceptions.py
- Size
  
  450B
- MD5
  
  d3cc0b8eeba12110b3bcbc19c668ea7d
- SHA1
  
  64c0c40e4f761a899a9dd1f2d93ede93fc25d3a7
- SHA256
  
  8880f04d4c92605d7c7b9ce1e2dd99eeec681f61d0924cbc99fd664c8e3cfe34
- SHA512
  
  e3774557bc1a7813bc12c36d779765858ffd3df08d50bdb617466de4dd62c5b206fd9cd975c9fa21b8f5fae9f74d17077000c94ae5302c09c58b3f1b435e1bb8
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  Twitter-Account-Generator-main/helpers/oauth.py
- Size
  
  3KB
- MD5
  
  3bfddbdbb4de8724db1b875fc81d1ebb
- SHA1
  
  6c5d0cd20979072290a161a3b853211acd7f3fa4
- SHA256
  
  be0fcaa5f1f2c1fd54a7a2dd5909ae94d139ff87cf4b4ddd2c7acdce5769de3d
- SHA512
  
  bb39560d9f08dea226425b5f9736181bf4b67704f588ff41a033c4468eea0d2a19fc92cb4d54b1eae7a980b539610bb5825e9e6f966d9754c0abfd146b5ea060
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  Twitter-Account-Generator-main/helpers/twitter.py
- Size
  
  11KB
- MD5
  
  72030822617d93a2ac77fe52c3cfb3e8
- SHA1
  
  faebef647627bc0841a04f04245c7bc99b6ff296
- SHA256
  
  98e10715767f613e61c93bb5d759996b6c4dae220db01a71df44e6ffa5bfc8da
- SHA512
  
  bd969f3d90aae21396403b4433b18e60937da5763a18fef3cf7e67702538ad85f5e77d31c7810f13734545878de502804243314ad369214e031b4f0dcd7ae7a2
- SSDEEP
  
  192:8miPgeYCQZkwGGvGvpQZiVLjpO27l8/oDRwEcwfXw2:igeYCYvvGvpQZ6LjpO+vp
Score

3^/10

discovery
behavioral15 behavioral16
- Target
  
  Twitter-Account-Generator-main/helpers/utils.py
- Size
  
  2KB
- MD5
  
  35396616dd9ee25e7ba85f3fe5a52f7f
- SHA1
  
  ae56b6d7d404e67ca495d252f98f7b155b3cc127
- SHA256
  
  62f1ee3479050e49a7950ac02513c4836466de09e00c61662c00a6b7c69c52f2
- SHA512
  
  7eb82e927ded9f3e704102ae1f39e10fb9eb28aa46cea1ede6443d0720a894749d525925d837d87b64c8fc911861509f03e53f6d6d65643062866c28d83cdf1b
Score

3^/10

discovery
behavioral17 behavioral18
- Target
  
  Twitter-Account-Generator-main/main.py
- Size
  
  41KB
- MD5
  
  0729e2e68d671f5a3eac77ba8afcf388
- SHA1
  
  40ed6ea477ff10c1161d47700be1b1e1288cf809
- SHA256
  
  73fb8c5fac4f273c5d1bdd5b649f968faa265a66361f4dced884f93bcf12d09f
- SHA512
  
  d1b60c93e67d03f4db63a00f09a1dc8c71797d5b706320f006d0bacfe0f2fa3fd35049b7c45ec2a307540e8b25b4591f775d2bd1968baa79e9438c0f9c23075a
- SSDEEP
  
  768:+VjQ3dHknICMaxVeh0TNhDdh0yRqjUsAYMsNWmwT7wWbX2:3FSICMaxV/7wEm7zRNZ
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  Twitter-Account-Generator-main/start.bat
- Size
  
  4KB
- MD5
  
  6b2d9f1769e0a9764ad143ac2679793b
- SHA1
  
  c9f5de490ce94729c1da33e375fb4c85a2a4e9f3
- SHA256
  
  546fe7bedfc1f85065c096b5cd025b65040e3ace4254d788575effdfd7ee8bb9
- SHA512
  
  e6060cf7c609a881a6b34157b75345b73a7101d86b5547ca49cf0cf3380b412c5b6d9261fc8507a3418c5cfce17431d39d415f0448bf1f90d6c15452ed6a6551
- SSDEEP
  
  96:9eGnKyIuE5jEdXT2QPUjtOmZE5jEdXT2QcBT8r7q:9pfE5QF2QsVE5QF2QcU2
Score

10^/10

defense_evasion execution
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Deobfuscate/Decode Files or Information
  Payload decoded via CertUtil.
  defense_evasion
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Deobfuscate/Decode Files or Information

T1140

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Command and Scripting Interpreter: PowerShell

Deobfuscate/Decode Files or Information

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22