General

  • Target

    sigma.rar

  • Size

    34.6MB

  • MD5

    f16def1c737c3314cac6b92f8fb6429e

  • SHA1

    071bcb2b4197e9bd9d84dc6538b14cf29dda9943

  • SHA256

    26784ed85b868f66d42fea69640f404a80c6b24a9a461e475340dafbf3c28431

  • SHA512

    d2344197d40dd4df17bf6b61f60043017b5926fea19b0e38a01ddb96c9ea824c13c2870ca5f1b056a2f0bd468c52b56577ebf02d38e237ed84c6bafada7a4d9e

  • SSDEEP

    786432:JVPwnoYNafWG2ynvKDXDJH4OYB6Ingj4S0lYGKVFU/8V3OeJf6FF:JVwnZN+F2yn05YB6IGtDUUV3JZiF

Score
3/10

Malware Config

Signatures

  • Detects Pyinstaller 2 IoCs
  • Unsigned PE 6 IoCs

    Checks for missing Authenticode signature.

Files

  • sigma.rar
    .rar

    Password: 123

  • Diamond follow v2/Run.bat
  • Diamond follow v2/__json/__pycache__/json_data__.cpython-310.pyc
  • Diamond follow v2/__json/__pycache__/json_data__.cpython-311.pyc
  • Diamond follow v2/__json/__pycache__/json_data__.cpython-312.pyc
  • Diamond follow v2/__json/json_data__.py
  • Diamond follow v2/__json/owner_or_admins.json
  • Diamond follow v2/__json/settings.json
  • Diamond follow v2/__json/users.json
  • Diamond follow v2/__pycache__/utils.cpython-310.pyc
  • Diamond follow v2/__pycache__/utils.cpython-311.pyc
  • Diamond follow v2/__pycache__/utils.cpython-312.pyc
  • Diamond follow v2/__pycache__/utils.cpython-39.pyc
  • Diamond follow v2/__source/__pycache__/body_structure__.cpython-310.pyc
  • Diamond follow v2/__source/__pycache__/body_structure__.cpython-311.pyc
  • Diamond follow v2/__source/__pycache__/body_structure__.cpython-312.pyc
  • Diamond follow v2/__source/__pycache__/constants__.cpython-310.pyc
  • Diamond follow v2/__source/__pycache__/constants__.cpython-311.pyc
  • Diamond follow v2/__source/__pycache__/constants__.cpython-312.pyc
  • Diamond follow v2/__source/__pycache__/crypto_base__.cpython-310.pyc
  • Diamond follow v2/__source/__pycache__/crypto_base__.cpython-311.pyc
  • Diamond follow v2/__source/__pycache__/crypto_base__.cpython-312.pyc
  • Diamond follow v2/__source/__pycache__/device_auth_structure__.cpython-310.pyc
  • Diamond follow v2/__source/__pycache__/device_auth_structure__.cpython-311.pyc
  • Diamond follow v2/__source/__pycache__/device_auth_structure__.cpython-312.pyc
  • Diamond follow v2/__source/__pycache__/managers__.cpython-310.pyc
  • Diamond follow v2/__source/__pycache__/managers__.cpython-311.pyc
  • Diamond follow v2/__source/__pycache__/managers__.cpython-312.pyc
  • Diamond follow v2/__source/__pycache__/party_command__.cpython-310.pyc
  • Diamond follow v2/__source/__pycache__/party_command__.cpython-311.pyc
  • Diamond follow v2/__source/__pycache__/party_command__.cpython-312.pyc
  • Diamond follow v2/__source/__pycache__/party_structure__.cpython-310.pyc
  • Diamond follow v2/__source/__pycache__/party_structure__.cpython-311.pyc
  • Diamond follow v2/__source/__pycache__/party_structure__.cpython-312.pyc
  • Diamond follow v2/__source/__pycache__/remove_and_add__.cpython-310.pyc
  • Diamond follow v2/__source/__pycache__/remove_and_add__.cpython-311.pyc
  • Diamond follow v2/__source/__pycache__/remove_and_add__.cpython-312.pyc
  • Diamond follow v2/__source/__pycache__/session__.cpython-310.pyc
  • Diamond follow v2/__source/__pycache__/session__.cpython-311.pyc
  • Diamond follow v2/__source/__pycache__/session__.cpython-312.pyc
  • Diamond follow v2/__source/body_structure__.py
  • Diamond follow v2/__source/constants__.py
  • Diamond follow v2/__source/crypto_base__.py
  • Diamond follow v2/__source/device_auth_structure__.py
  • Diamond follow v2/__source/managers__.py
  • Diamond follow v2/__source/party_command__.py
  • Diamond follow v2/__source/party_structure__.py
  • Diamond follow v2/__source/remove_and_add__.py
  • Diamond follow v2/__source/session__.py
  • Diamond follow v2/cogs/Add Owner.py
  • Diamond follow v2/cogs/Invite.py
  • Diamond follow v2/cogs/Message everyone.py
  • Diamond follow v2/cogs/Nuke.py
  • Diamond follow v2/cogs/Profile Information.py
  • Diamond follow v2/cogs/Remove Owner.py
  • Diamond follow v2/cogs/State.py
  • Diamond follow v2/cogs/Token_Handling.py
  • Diamond follow v2/cogs/__pycache__/Add Owner.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/Check subscription lengths.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/Invite.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/Message everyone.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/Message.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/Nuke.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/Owner.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/Profile Information.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/Remove Owner.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/State.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/Token Check.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/Token_Handling.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/authenticate.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/authenticate.cpython-311.pyc
  • Diamond follow v2/cogs/__pycache__/authenticate.cpython-312.pyc
  • Diamond follow v2/cogs/__pycache__/authenticate.cpython-39.pyc
  • Diamond follow v2/cogs/__pycache__/blacklist.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/blacklist.cpython-311.pyc
  • Diamond follow v2/cogs/__pycache__/blacklist.cpython-312.pyc
  • Diamond follow v2/cogs/__pycache__/check.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/check.cpython-311.pyc
  • Diamond follow v2/cogs/__pycache__/check.cpython-312.pyc
  • Diamond follow v2/cogs/__pycache__/check.cpython-39.pyc
  • Diamond follow v2/cogs/__pycache__/disable.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/disable.cpython-311.pyc
  • Diamond follow v2/cogs/__pycache__/disable.cpython-312.pyc
  • Diamond follow v2/cogs/__pycache__/disable.cpython-39.pyc
  • Diamond follow v2/cogs/__pycache__/follow.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/follow.cpython-311.pyc
  • Diamond follow v2/cogs/__pycache__/follow.cpython-312.pyc
  • Diamond follow v2/cogs/__pycache__/follow.cpython-39.pyc
  • Diamond follow v2/cogs/__pycache__/message.cpython-311.pyc
  • Diamond follow v2/cogs/__pycache__/message.cpython-312.pyc
  • Diamond follow v2/cogs/__pycache__/message.cpython-39.pyc
  • Diamond follow v2/cogs/__pycache__/party.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/party.cpython-311.pyc
  • Diamond follow v2/cogs/__pycache__/party.cpython-312.pyc
  • Diamond follow v2/cogs/__pycache__/party.cpython-39.pyc
  • Diamond follow v2/cogs/__pycache__/reload.cpython-39.pyc
  • Diamond follow v2/cogs/__pycache__/unauthenticate.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/unauthenticate.cpython-311.pyc
  • Diamond follow v2/cogs/__pycache__/unauthenticate.cpython-312.pyc
  • Diamond follow v2/cogs/__pycache__/unauthenticate.cpython-39.pyc
  • Diamond follow v2/cogs/__pycache__/upload.cpython-310.pyc
  • Diamond follow v2/cogs/__pycache__/upload.cpython-311.pyc
  • Diamond follow v2/cogs/__pycache__/upload.cpython-312.pyc
  • Diamond follow v2/cogs/__pycache__/upload.cpython-39.pyc
  • Diamond follow v2/cogs/__pycache__/xuid.cpython-310.pyc
  • Diamond follow v2/cogs/authenticate.py
  • Diamond follow v2/cogs/blacklist.py
  • Diamond follow v2/cogs/check.py
  • Diamond follow v2/cogs/follow.py
  • Diamond follow v2/cogs/modules/Follow orig.py
  • Diamond follow v2/cogs/modules/check.py
  • Diamond follow v2/cogs/modules/follow v2.py
  • Diamond follow v2/cogs/modules/follow.py
  • Diamond follow v2/cogs/modules/follow1.py
  • Diamond follow v2/cogs/modules/follow3.py
  • Diamond follow v2/cogs/unauthenticate.py
  • Diamond follow v2/data/#1tokens.exe
    .exe windows:6 windows x64 arch:x64

    Password: 123

    4f2f006e2ecf7172ad368f8289dc96c1


  • Diamond follow v2/data/Accounts.txt
  • Diamond follow v2/data/Convertor/Account creator.config
    .xml
  • Diamond follow v2/data/Convertor/Created.txt
  • Diamond follow v2/data/Convertor/HttpLib.dll
    .dll windows:4 windows x86 arch:x86

    Password: 123

    dae02f32a21e03ce65412f6e56942daa


  • Diamond follow v2/data/Convertor/Xbox account creator.exe
    .exe windows:4 windows x86 arch:x86

    Password: 123

    f34d5f2d4577ed6d9ceec516c1f5a744


  • Diamond follow v2/data/FailedAccounts.txt
  • Diamond follow v2/data/Microsoft Token Checker.exe
    .exe windows:6 windows x64 arch:x64

    Password: 123

    ba2fe82dbe3fc8bdddc26ef88c3ef15a


  • Token validation.pyc
  • Diamond follow v2/data/Token validation.py
  • Diamond follow v2/data/api_keys.txt
  • Diamond follow v2/data/colors.txt
  • Diamond follow v2/data/config.json
  • Diamond follow v2/data/conv.exe
    .exe windows:5 windows x64 arch:x64

    Password: 123

    5bc16b5845145eb0edb88983820691b1


  • conv.pyc
  • Diamond follow v2/data/conv.py
  • Diamond follow v2/data/owners.json
  • Diamond follow v2/data/tokens.txt
  • Diamond follow v2/data/users.json
  • Diamond follow v2/follow.py
  • Diamond follow v2/kill.bat
  • Diamond follow v2/main.py
  • Diamond follow v2/modules/utils.py
  • Diamond follow v2/nircmd.exe
    .exe windows:4 windows x64 arch:x64

    Password: 123

    633684595a5911dabe231a798d532fcd


  • Diamond follow v2/party.py
  • Diamond follow v2/utils.py
  • Multi-Selfbot/config.json
  • Multi-Selfbot/main.py
  • Multi-Selfbot/rotate.json
  • Party Spammer/__data/tokens.txt
  • Party Spammer/__json/__pycache__/json_data__.cpython-310.pyc
  • Party Spammer/__json/__pycache__/json_data__.cpython-311.pyc
  • Party Spammer/__json/__pycache__/json_data__.cpython-312.pyc
  • Party Spammer/__json/json_data__.py
  • Party Spammer/__json/owner_or_admins.json
  • Party Spammer/__json/settings.json
  • Party Spammer/__json/users.json
  • Party Spammer/__source/__pycache__/body_structure__.cpython-310.pyc
  • Party Spammer/__source/__pycache__/body_structure__.cpython-311.pyc
  • Party Spammer/__source/__pycache__/body_structure__.cpython-312.pyc
  • Party Spammer/__source/__pycache__/constants__.cpython-310.pyc
  • Party Spammer/__source/__pycache__/constants__.cpython-311.pyc
  • Party Spammer/__source/__pycache__/constants__.cpython-312.pyc
  • Party Spammer/__source/__pycache__/crypto_base__.cpython-310.pyc
  • Party Spammer/__source/__pycache__/crypto_base__.cpython-311.pyc
  • Party Spammer/__source/__pycache__/crypto_base__.cpython-312.pyc
  • Party Spammer/__source/__pycache__/device_auth_structure__.cpython-310.pyc
  • Party Spammer/__source/__pycache__/device_auth_structure__.cpython-311.pyc
  • Party Spammer/__source/__pycache__/device_auth_structure__.cpython-312.pyc
  • Party Spammer/__source/__pycache__/managers__.cpython-310.pyc
  • Party Spammer/__source/__pycache__/managers__.cpython-311.pyc
  • Party Spammer/__source/__pycache__/managers__.cpython-312.pyc
  • Party Spammer/__source/__pycache__/party_command__.cpython-310.pyc
  • Party Spammer/__source/__pycache__/party_command__.cpython-311.pyc
  • Party Spammer/__source/__pycache__/party_command__.cpython-312.pyc
  • Party Spammer/__source/__pycache__/party_structure__.cpython-310.pyc
  • Party Spammer/__source/__pycache__/party_structure__.cpython-311.pyc
  • Party Spammer/__source/__pycache__/party_structure__.cpython-312.pyc
  • Party Spammer/__source/__pycache__/remove_and_add__.cpython-310.pyc
  • Party Spammer/__source/__pycache__/remove_and_add__.cpython-311.pyc
  • Party Spammer/__source/__pycache__/remove_and_add__.cpython-312.pyc
  • Party Spammer/__source/__pycache__/session__.cpython-310.pyc
  • Party Spammer/__source/__pycache__/session__.cpython-311.pyc
  • Party Spammer/__source/__pycache__/session__.cpython-312.pyc
  • Party Spammer/__source/body_structure__.py
  • Party Spammer/__source/constants__.py
  • Party Spammer/__source/crypto_base__.py
  • Party Spammer/__source/device_auth_structure__.py
  • Party Spammer/__source/managers__.py
  • Party Spammer/__source/party_command__.py
  • Party Spammer/__source/party_structure__.py
  • Party Spammer/__source/remove_and_add__.py
  • Party Spammer/__source/session__.py
  • Party Spammer/main.py
  • Tonganoxie Esports auth bot/config.json
  • Tonganoxie Esports auth bot/emails.txt
  • Tonganoxie Esports auth bot/links.json
  • Tonganoxie Esports auth bot/main.py
  • Tonganoxie Esports auth bot/used.txt
  • message spammer/data__/__tokens.txt
  • message spammer/json__/__pycache__/__init__.cpython-310.pyc
  • message spammer/json__/__pycache__/json_files__.cpython-310.pyc
  • message spammer/json__/__pycache__/json_files__.cpython-311.pyc
  • message spammer/json__/__pycache__/json_files__.cpython-312.pyc
  • message spammer/json__/json_files__.py
  • message spammer/json__/owner_or_admins.json
  • message spammer/json__/settings.json
  • message spammer/json__/users.json
  • message spammer/main.py
  • message spammer/source__/__pycache__/comboing__.cpython-310.pyc
  • message spammer/source__/__pycache__/constants__.cpython-310.pyc
  • message spammer/source__/__pycache__/constants__.cpython-311.pyc
  • message spammer/source__/__pycache__/constants__.cpython-312.pyc
  • message spammer/source__/__pycache__/crypto_base__.cpython-310.pyc
  • message spammer/source__/__pycache__/crypto_base__.cpython-311.pyc
  • message spammer/source__/__pycache__/crypto_base__.cpython-312.pyc
  • message spammer/source__/__pycache__/device_auth_structure__.cpython-310.pyc
  • message spammer/source__/__pycache__/device_auth_structure__.cpython-311.pyc
  • message spammer/source__/__pycache__/device_auth_structure__.cpython-312.pyc
  • message spammer/source__/__pycache__/embed__.cpython-310.pyc
  • message spammer/source__/__pycache__/managers__.cpython-310.pyc
  • message spammer/source__/__pycache__/managers__.cpython-311.pyc
  • message spammer/source__/__pycache__/managers__.cpython-312.pyc
  • message spammer/source__/__pycache__/message__.cpython-310.pyc
  • message spammer/source__/__pycache__/message__.cpython-311.pyc
  • message spammer/source__/__pycache__/message__.cpython-312.pyc
  • message spammer/source__/__pycache__/profile__.cpython-310.pyc
  • message spammer/source__/__pycache__/profile_structure__.cpython-310.pyc
  • message spammer/source__/__pycache__/remove_and_add__.cpython-310.pyc
  • message spammer/source__/__pycache__/remove_and_add__.cpython-311.pyc
  • message spammer/source__/__pycache__/remove_and_add__.cpython-312.pyc
  • message spammer/source__/__pycache__/reserve__.cpython-310.pyc
  • message spammer/source__/__pycache__/session__.cpython-310.pyc
  • message spammer/source__/__pycache__/session__.cpython-311.pyc
  • message spammer/source__/__pycache__/session__.cpython-312.pyc
  • message spammer/source__/__pycache__/session__.cpython-37.pyc
  • message spammer/source__/__pycache__/xuid__.cpython-310.pyc
  • message spammer/source__/__pycache__/xuid_structure__.cpython-310.pyc
  • message spammer/source__/constants__.py
  • message spammer/source__/crypto_base__.py
  • message spammer/source__/device_auth_structure__.py
  • message spammer/source__/managers__.py
  • message spammer/source__/message__.py
  • message spammer/source__/modules/remove_and_add__.py
  • message spammer/source__/remove_and_add__.py
  • message spammer/source__/session__.py