General

  • Target

    Growlauncher.exe

  • Size

    105.4MB

  • MD5

    55b5c5a5e18388025249a2a2a24c09df

  • SHA1

    1c10684b24c605f805bfd94f8ee74544f32b98d8

  • SHA256

    c9e0b0b6d477d32ab604417e59bb37586ecb3d708ce40481239bafaa425e2823

  • SHA512

    db04d0c7248b6a4963a781d466d7d808270276b9335bcf26afe60ba37102fb7a3ffb4a167563da03dbbbd12d431f0871cfaa23e9bed6caaaeec96d2ffc3a82b7

  • SSDEEP

    3145728:+vbzmWSkB05awcf0t3MgjQwIIuUjOE5snfdC0Y0T:ISki88Mph00fH

Malware Config

Signatures

  • Contains code to disable Windows Defender 1 IoCs

    A .NET executable that disables Windows Defender capabilities such as real-time monitoring and block-at-first-seen.

  • Detect Pysilon 1 IoCs
  • Detect Umbral payload 1 IoCs
  • Detects Eternity stealer 1 IoCs
  • Eternity family
  • Growtopia family
  • Pysilon family
  • Umbral family
  • Detects Pyinstaller 1 IoCs
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.
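The "Unsigned PE" signature above comes down to one header field: the Certificate Table slot (data directory entry 4) in the PE optional header, which holds the file offset and size of any appended Authenticode blob. The block below is an added example, not code from the sandbox or its detection engine; it implements that check and builds two header-only images to exercise it. The builder, its field values and the function names are assumptions made for illustration.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data-directory slot holding the Certificate Table (Authenticode)


def authenticode_directory(pe: bytes):
    """Return (file_offset, size) of the Certificate Table, or None when the image
    carries no embedded Authenticode signature. Raises ValueError on a malformed header."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if e_lfanew + 24 > len(pe) or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    size_of_optional = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    opt_end = opt + size_of_optional
    if opt_end > len(pe):
        raise ValueError("optional header runs past end of file")
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:       # PE32
        num_rva_off, dir_off = opt + 92, opt + 96
    elif magic == 0x20B:     # PE32+
        num_rva_off, dir_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if num_rva_off + 4 > opt_end:
        raise ValueError("optional header too short for data directories")
    num_dirs = struct.unpack_from("<I", pe, num_rva_off)[0]
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return None              # the image declares no Certificate Table slot at all
    entry = dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY
    if entry + 8 > opt_end:
        raise ValueError("data directory truncated")
    off, size = struct.unpack_from("<II", pe, entry)
    if off == 0 or size == 0:
        return None
    # Unlike the other directories, this entry is a raw file offset, not an RVA.
    if off + size > len(pe):
        raise ValueError("certificate table points past end of file")
    return off, size


def is_unsigned_pe(pe: bytes) -> bool:
    """True when no Authenticode blob is attached (the report's 'Unsigned PE' condition)."""
    return authenticode_directory(pe) is None


def build_minimal_pe(cert_off=0, cert_size=0, pe32plus=False) -> bytes:
    """Construct a header-only PE image for testing (constructed input, not a real binary)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    num_dirs = 16
    fixed = 112 if pe32plus else 96           # optional header bytes before the data directories
    opt_size = fixed + 8 * num_dirs
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", opt, fixed - 4, num_dirs)   # NumberOfRvaAndSizes sits just before the directories
    struct.pack_into("<II", opt, fixed + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, cert_off, cert_size)
    image = dos + b"PE\0\0" + coff + bytes(opt)
    # pad so a declared certificate table lies inside the file, where a real WIN_CERTIFICATE blob is appended
    if cert_off + cert_size > len(image):
        image += b"\0" * (cert_off + cert_size - len(image))
    return image


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            data = fh.read()
        if is_unsigned_pe(data):
            print(path, "unsigned")
        else:
            print(path, "certificate table at %#x, %#x bytes" % authenticode_directory(data))
```

A non-empty directory only says that a WIN_CERTIFICATE blob is attached; it says nothing about whether the signature is valid, unexpired or chains to a trusted root. Treat this as the triage filter it is and validate any signed sample with a real verifier (`signtool verify /pa` or PowerShell `Get-AuthenticodeSignature`) before trusting it.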

Files

  • Growlauncher.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744


  • discord_token_grabber.pyc
  • get_cookies.pyc
  • misc.pyc
  • passwords_grabber.pyc
  • source_prepared.pyc
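The "Detects Pyinstaller" signature and the .pyc names under Files both follow from PyInstaller's one-file layout: the bundled archive is appended to the bootloader executable and ends with a fixed-size cookie that starts with a known magic and points back at a table of contents naming every embedded script, module and binary. The block below is an added example, not the report's own logic and not a claim about how the sandbox detects the packer; it finds the cookie by its magic, walks the table of contents and lists the entries. The synthetic bundle it builds, the entry names and the Python version and pylib values are constructed test input.

```python
import struct

PYINST_MAGIC = b"MEI\x0c\x0b\x0a\x0b\x0e"   # CArchive cookie magic
# Cookie layout (PyInstaller 2.1 and later): magic, package length, TOC offset, TOC length, Python version, pylib name
COOKIE = struct.Struct("!8sIIii64s")
# TOC entry header: entry length, data offset, compressed length, uncompressed length, compression flag, type code
TOC_ENTRY = struct.Struct("!iIIIBc")
TYPE_CODES = {"s": "script", "m": "module", "M": "package", "b": "binary", "z": "zlib archive", "x": "data", "o": "option"}


def parse_pyinstaller(data: bytes):
    """Find the PyInstaller cookie and list the bundled entries; None when data is not a PyInstaller bundle."""
    idx = data.rfind(PYINST_MAGIC)          # rfind: the cookie ends the package, but an Authenticode blob may follow it
    if idx == -1 or len(data) - idx < COOKIE.size:
        return None
    _, pkg_len, toc_off, toc_len, pyver, pylib = COOKIE.unpack_from(data, idx)
    pkg_start = idx + COOKIE.size - pkg_len   # the package ends with the cookie, so count back from its end
    if pkg_start < 0 or toc_off + toc_len > pkg_len:
        return None
    # version is encoded as major*100+minor in recent releases, major*10+minor in old ones
    major, minor = divmod(pyver, 100) if pyver >= 100 else divmod(pyver, 10)
    entries = []
    pos, end = pkg_start + toc_off, pkg_start + toc_off + toc_len
    while pos + TOC_ENTRY.size <= end:
        entry_len, off, clen, ulen, cflag, code = TOC_ENTRY.unpack_from(data, pos)
        if entry_len < TOC_ENTRY.size or pos + entry_len > end:
            return None                       # corrupt table of contents
        name = data[pos + TOC_ENTRY.size:pos + entry_len].split(b"\0", 1)[0].decode("utf-8", "replace")
        kind = code.decode("latin-1")
        entries.append({
            "name": name,
            "type": TYPE_CODES.get(kind, kind),
            "offset": pkg_start + off,        # TOC offsets are relative to the package start
            "compressed_len": clen,
            "size": ulen,
            "compressed": bool(cflag),
        })
        pos += entry_len
    return {
        "python": "%d.%d" % (major, minor),
        "pylib": pylib.split(b"\0", 1)[0].decode("ascii", "replace"),
        "package_offset": pkg_start,
        "entries": entries,
    }


def build_bundle(items, pyver=311, pylib=b"python311.dll") -> bytes:
    """Assemble a synthetic one-file bundle (constructed test input): stub PE bytes, payloads, TOC, cookie."""
    payload, toc = bytearray(), bytearray()
    for name, code, blob in items:
        name_b = name.encode() + b"\0"
        entry_len = TOC_ENTRY.size + len(name_b)
        entry_len += (16 - entry_len % 16) % 16  # pad entries to a 16-byte boundary like the real writer
        toc += TOC_ENTRY.pack(entry_len, len(payload), len(blob), len(blob), 0, code.encode())
        toc += name_b.ljust(entry_len - TOC_ENTRY.size, b"\0")
        payload += blob
    pkg_len = len(payload) + len(toc) + COOKIE.size
    cookie = COOKIE.pack(PYINST_MAGIC, pkg_len, len(payload), len(toc), pyver, pylib)
    return b"MZ" + b"\0" * 62 + b"[stub PE image]" + bytes(payload) + bytes(toc) + cookie


# Constructed bundle whose script names mirror the extracted .pyc files listed above (payloads are dummies)
SAMPLE = build_bundle([
    ("pyiboot01_bootstrap", "m", b"\x00" * 32),
    ("source_prepared", "s", b"\xe3" + b"\x00" * 40),
    ("discord_token_grabber", "s", b"\xe3" + b"\x00" * 24),
    ("python311.dll", "b", b"MZ" + b"\x00" * 60),
])

if __name__ == "__main__":
    info = parse_pyinstaller(SAMPLE)
    print("Python", info["python"], "pylib", info["pylib"], "package at", hex(info["package_offset"]))
    for e in info["entries"]:
        print("%-12s %-24s %#08x %d bytes" % (e["type"], e["name"], e["offset"], e["size"]))
```

Entries of type "script" are the bundle's own .pyc bodies (extractors such as pyinstxtractor add the .pyc extension and the missing header when they write them out), which is where names like discord_token_grabber and passwords_grabber in the Files list come from. Searching backwards for the magic rather than assuming the cookie is the last 88 bytes of the file matters in practice: a signed or otherwise padded sample still parses.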