General
-
Target
HowlClient.exe
-
Size
81.2MB
-
Sample
240816-271x2stble
-
MD5
d0fbedcc03d22a594c693cb20666d8f4
-
SHA1
174f6113139c69d153ede0b2e2e7d5a4f89d5c6f
-
SHA256
16b5be77f064aeb7c6c9715b4522372f6cdfb765b088ee08c7694e82a9c565ad
-
SHA512
f9f6cf7f24a3c6577fcb966104938fe09537e3467bd01c975e71ea50e75ebc9febc0605f7b6c8d8359e5d7b29afb2fa55251b9b5f052a1857a1f53c30e03145b
-
SSDEEP
1572864:5vlQ3jqNJSk8IpG7V+VPhqKL9E7LjCdnneWB/4PcPJRfW19vT8rXvh:5vl+sJSkB05awKLQuZtB/YcPzfs9vYrX
Malware Config
Targets
-
-
Target
HowlClient.exe
-
Size
81.2MB
-
MD5
d0fbedcc03d22a594c693cb20666d8f4
-
SHA1
174f6113139c69d153ede0b2e2e7d5a4f89d5c6f
-
SHA256
16b5be77f064aeb7c6c9715b4522372f6cdfb765b088ee08c7694e82a9c565ad
-
SHA512
f9f6cf7f24a3c6577fcb966104938fe09537e3467bd01c975e71ea50e75ebc9febc0605f7b6c8d8359e5d7b29afb2fa55251b9b5f052a1857a1f53c30e03145b
-
SSDEEP
1572864:5vlQ3jqNJSk8IpG7V+VPhqKL9E7LjCdnneWB/4PcPJRfW19vT8rXvh:5vl+sJSkB05awKLQuZtB/YcPzfs9vYrX
Score9/10-
Enumerates VirtualBox DLL files
-
Command and Scripting Interpreter: PowerShell
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
-
Sets file to hidden
Modifies file attributes to stop it showing in Explorer etc.
-
Executes dropped EXE
-
Loads dropped DLL
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
-
-
Target
discord_token_grabber.pyc
-
Size
17KB
-
MD5
6d95a89c15e75f18ef85408e3405ba6e
-
SHA1
0d987185eadf9c6000bff8678d4cba24b897f7ed
-
SHA256
e95f674ec4cf7be0e53828c712103d8d136a13aec5a4f06fa8bd88d42a2176bd
-
SHA512
bbcf9790dabbd108f0a4161e1c01142d42cd81527411a0fc78087cd8ea07399586fb7ef93a7108654a0ac763e9e88015f2f0ec0028f76c3ad2d13f3864f568ac
-
SSDEEP
384:cGllyAavQS9F0RW807PPQviowoYbCj+Mo8WWIc02a8:cIlytv39iRW8inQ6owoYOyM0d2a8
Score3/10 -
-
-
Target
get_cookies.pyc
-
Size
10KB
-
MD5
b38f506528b3d6d5dbd851426c347b95
-
SHA1
e91bf4ef42128267934e21be0176e552480f5977
-
SHA256
85a7c34afad2c270ca690a5b4c30cc8bf16967e623fc77f4de4497901030a93b
-
SHA512
ab110dc92eba564fd0ec6c6a75e779f588518dc1aa461f072ab02b96bc11fbe25e09faa6a556dc6a127c3e8826382697b72037a0cefbdaf32fd70a723e746295
-
SSDEEP
192:TzOCIeinQfUF9LdwOEVOFc1mNe47+o+zEzzzzz1zz+HoowAE:TzOUiQccEe4KoOIAE
Score3/10 -
-
-
Target
misc.pyc
-
Size
5KB
-
MD5
31aa260c6cdeaa9d942cd0dcfcadd16a
-
SHA1
a6818f3acf5c2ab9d65b41a81cb92b36b85cc932
-
SHA256
b522284f1a7e518c269c0414160407ec7834a4397f85ef389433b49367b5df9c
-
SHA512
0dd277ef948315a3554bd8c5110e27afa9b2eac88defc1211771c050cdd27b3668484dec35ec5c5010bff00b62c2cebd9e7286c0b114ad28437719b42bd0fc2c
-
SSDEEP
96:DSajAihmJG4n3B4SmSSSSlSSSShDwegPbbVxlj0nIAEDS5ejmw01k9Bddpq:eYAfn3ySmSSSSlSSSSeeOPVxx0nIAZeQ
Score3/10 -
-
-
Target
passwords_grabber.pyc
-
Size
8KB
-
MD5
704dced7f7530b19a34a5f7a71c26b10
-
SHA1
608d9647488cfa2b5f84a891028168a973bfcfa9
-
SHA256
1fd284f1e27263bd2a16050c6989933a382c7d196f4c9f247187cc3b3f6ba3ac
-
SHA512
e4a6710abef2c45d631745c91d8135873be06e5b240a61362e341d05ecc1dedf885487a554b648c328a3c5cc17fcf74e6d066b2e3f51379358ba28c2a0f2f39f
-
SSDEEP
192:+CE34EAL/GFf/PomdPO23NsDmqFUhkxNivLI9dRvL:Y4EAL/AfRBO8NsxuOxNn
Score3/10 -
-
-
Target
source_prepared.pyc
-
Size
180KB
-
MD5
3d930d2e700db120fea7dc5786719326
-
SHA1
192a5c5f41c363eb97b38f2ff5efda04d85acf99
-
SHA256
7e000b292df25779f918111fa021bad410f4dca753b25e1bbba5381091626f8a
-
SHA512
c49c4c3eb2bcee026792225b7089367d1c2acda8d7f4b9a275a22c83e283ad8ff1c628c8304c31902df940c1c33845394223db052479945999c24529807b3841
-
SSDEEP
3072:bGLavRA9f4T4o0PEtelZN+thZaJH9g7lqLCknW:qWvUC4o08cN+rZaJH9g7lICr
Score3/10 -
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
2Hidden Files and Directories
2Modify Registry
1Virtualization/Sandbox Evasion
1