Overview

overview

10

Static

static

10

installpy3.8.bat

windows7-x64

1

installpy3.8.bat

windows10-2004-x64

1

venz.xyz.exe

windows7-x64

7

venz.xyz.exe

windows10-2004-x64

9

x.6xyyn.py

windows7-x64

3

x.6xyyn.py

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    45871378c7a91318dfda953a8b4efbdb0e0d150a4f92c612f711aeb762e7c031

  • Size

    19.7MB

  • Sample

    240822-zrk6jsxdpe

  • MD5

    fb0b39625bb59cd930069948dd20a43c

  • SHA1

    30d8771889146ec6b48b90034097ae99b2b0f409

  • SHA256

    45871378c7a91318dfda953a8b4efbdb0e0d150a4f92c612f711aeb762e7c031

  • SHA512

    39e20b1aa8eae98935192c85b8cb0e899445df92909fd3cc0aa76c736307f1f68b5e5722c00eb4e8e65ea5f314027572b9bb66c0385895606a7c7309359e6681

  • SSDEEP

    393216:kZaYTUkWVNcnZHYVmvYmDXaI9+0n9PH3q5MEhMmKRYcS+m7LsHCm3Ud3BncSzOeu:kZAkw48pmW0Xq5MYGAd7LseBnsaUz

Score
10/10
empyreancredential_accessdiscoverypersistenceprivilege_escalationpyinstallerspywarestealerupx

Malware Config

Targets

    • Target

      installpy3.8.bat

    • Size

      47KB

    • MD5

      18e17774097ec626ff846c22cd9840f9

    • SHA1

      691856af491bc2a8e7399409e606f0f78730341b

    • SHA256

      3653d2ad5e2d98f12ad4ea90c547d648d98f34da3b4936442b0dbc90f22b83c3

    • SHA512

      881c2beaae0d16cff068b5c891041538c58be1a6d3fa5c6a35dede9579ea072f248942fb690ff3b8590bf3a392f28047226148e0a59fa99bf4d253511fa74a42

    • SSDEEP

      768:y3/HEkYRHeLhcgbgm3vjM0kLicUyL6dylQLM+w48IL32eCpP71fAN4ylXV1ZCG2I:Gsuvg0QTXyAPKah7y8c0vJuQP1CJTqT8

    Score
    1/10
    behavioral1behavioral2

    • Target

      venz.xyz.exe

    • Size

      19.9MB

    • MD5

      ad62a53d7cf54f8058181587260b35c0

    • SHA1

      70303dddd94910613576fb0c2347383b8b0803f4

    • SHA256

      0c0f9dd5e376d642c0e8ba63af44676947c3a0bff5d5777ca3e4fb265adbf793

    • SHA512

      514afb1fc59fa3dca02781fcab0a2428dd1acdb6d4128ef068763388436f16a87e27fa3d05f0b8e384b7e859957dff3a587dfed3dfd8b6d5ce2e5e2a9514f7ff

    • SSDEEP

      393216:ouqPnLFXlrFhrQ6DOETgs77fGsgw/vO4xa1f3L4Sm:IPLFXNFNQrE7zvOXf3U

    Score
    9/10
    upxcredential_accessdiscoverypersistenceprivilege_escalationspywarestealer

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral3behavioral4

    • Target

      x.6xyyn.py

    • Size

      428KB

    • MD5

      b0db11ccf6cc25f90b6549b2ac8b4be6

    • SHA1

      06505b3e55fea1b45b354ec254948917cc9b7f20

    • SHA256

      ea144323b74c05280c4fa2032103775cfae4969f8b9b08b8c32d686f0f48b647

    • SHA512

      cb73ff1a0f06d748c1ebc7e648b07cfdff7d89b8c40029625af88eef87ca3d7eb79176970404a8d6c35ccf9958cdc3fe4531fc75799408986b0bb294972cca16

    • SSDEEP

      6144:Gsuvg0QTXyAPKah7y8c0vJuQP1CJTqTAHvYzIBTREvR8KCOum7k3muBRhRam7mYQ:L

    Score
    3/10
    discovery
    behavioral5behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Browser Information Discovery

1
T1217

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Wi-Fi Discovery

1
T1016.002

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Web Service

1
T1102

Exfiltration

Impact

Tasks